Jump to content

browser redirect problem


Recommended Posts

Like a bunch of other people, I have this nasty thing which redirects my search results and other links to random ad sites, many of which contain additional bad stuff.

I've spent several days downloading and using many different scanners and tools, which have all failed to get rid of this thing. This is the first time I have not been able to solve a malware problem on my own, so now I'm hoping the pros can help. Here is the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:43:49 PM, on 12/23/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7037 bytes

Link to post
Share on other sites

Hi and welcome to the Malwarebytes forums. :P

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.

No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)

    [*]Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)

Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    th_Gmer_initScan.gif
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

    [*]Then click the Scan button & wait for it to finish

    [*]Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file

    [*]Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

In your next reply:

  1. RSIT log.txt
  2. RSIT info.txt
  3. GMER log

Link to post
Share on other sites

Wow, thanks for the prompt reply!

Logfile of random's system information tool 1.06 (written by random/random)

Run by Michael at 2009-12-23 23:41:03

Microsoft Windows XP Professional Service Pack 2

System drive C: has 2 GB (6%) free of 38 GB

Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:41:13 PM, on 12/23/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Michael\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7087 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]

AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]

"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2003-11-20 57344]

"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]

C:\PROGRA~1\TECHSM~1\SNAGIT~1\SnagIt32.exe [2007-05-01 6395464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"

"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"

"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"

"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-12-23 23:41:03 ----D---- C:\rsit

2009-12-23 17:43:38 ----D---- C:\Program Files\Trend Micro

2009-12-23 17:13:41 ----D---- C:\Program Files\HijackThis

2009-12-23 17:08:21 ----SHD---- C:\RECYCLER

2009-12-23 15:48:26 ----D---- C:\WINDOWS\temp

2009-12-23 15:48:25 ----A---- C:\ComboFix.txt

2009-12-23 15:26:47 ----A---- C:\WINDOWS\ntbtlog.txt

2009-12-23 02:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-12-23 02:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-12-23 02:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-12-23 02:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2009-12-23 02:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-23 02:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-12-23 01:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$

2009-12-23 01:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-12-23 01:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-12-23 01:56:22 ----D---- C:\WINDOWS\ServicePackFiles

2009-12-23 01:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2009-12-23 01:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-12-23 01:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-12-23 01:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-12-23 01:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-12-23 01:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-12-23 01:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-12-23 01:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-12-23 01:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2009-12-23 01:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-12-23 01:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-12-23 01:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2009-12-23 01:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-12-23 01:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-23 01:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2009-12-23 01:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-12-23 01:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-12-23 01:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-12-23 01:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-12-23 01:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2009-12-23 01:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2009-12-23 01:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2009-12-23 01:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2009-12-23 01:28:44 ----A---- C:\WINDOWS\imsins.BAK

2009-12-23 01:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2009-12-22 22:27:27 ----A---- C:\rollback.ini

2009-12-22 22:09:43 ----D---- C:\Program Files\Common Files\ParetoLogic

2009-12-22 22:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2009-12-22 20:25:22 ----A---- C:\Boot.bak

2009-12-22 20:25:12 ----RASHD---- C:\cmdcons

2009-12-22 20:22:36 ----A---- C:\WINDOWS\zip.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWSC.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWREG.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\sed.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\PEV.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\NIRCMD.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\MBR.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\grep.exe

2009-12-22 20:22:11 ----D---- C:\WINDOWS\ERDNT

2009-12-22 20:15:44 ----D---- C:\Qoobox

2009-12-22 13:29:04 ----D---- C:\Program Files\CCleaner

2009-12-21 22:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 15:36:51 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-12-21 15:36:45 ----D---- C:\Program Files\Alwil Software

2009-12-05 14:47:30 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 14:45:51 ----D---- C:\Program Files\SUPERAntiSpyware

2009-12-05 14:45:51 ----D---- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 months======

2009-12-23 23:40:16 ----D---- C:\WINDOWS\Prefetch

2009-12-23 21:21:55 ----D---- C:\Program Files\Mozilla Firefox

2009-12-23 17:43:38 ----RD---- C:\Program Files

2009-12-23 17:09:29 ----D---- C:\WINDOWS\system32\wbem

2009-12-23 17:09:28 ----D---- C:\WINDOWS\system32

2009-12-23 17:09:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-23 16:51:20 ----A---- C:\WINDOWS\win.ini

2009-12-23 16:46:54 ----D---- C:\WINDOWS\system32\drivers

2009-12-23 16:31:28 ----D---- C:\WINDOWS

2009-12-23 15:45:09 ----A---- C:\WINDOWS\system.ini

2009-12-23 15:42:38 ----D---- C:\WINDOWS\AppPatch

2009-12-23 15:42:38 ----D---- C:\Program Files\Common Files

2009-12-23 15:36:20 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-23 15:00:31 ----HD---- C:\WINDOWS\inf

2009-12-23 15:00:04 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-23 13:06:31 ----D---- C:\Config.Msi

2009-12-23 12:56:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-23 12:56:49 ----SHD---- C:\WINDOWS\Installer

2009-12-23 12:46:44 ----SD---- C:\WINDOWS\Tasks

2009-12-23 12:32:13 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-12-23 12:31:16 ----D---- C:\WINDOWS\system32\Setup

2009-12-23 02:10:25 ----D---- C:\WINDOWS\WinSxS

2009-12-23 02:10:22 ----D---- C:\WINDOWS\system32\Restore

2009-12-23 02:06:26 ----D---- C:\WINDOWS\Microsoft.NET

2009-12-23 02:06:12 ----RSD---- C:\WINDOWS\assembly

2009-12-23 01:48:33 ----D---- C:\Program Files\Outlook Express

2009-12-23 01:47:31 ----D---- C:\WINDOWS\system32\en-us

2009-12-23 01:47:31 ----D---- C:\Program Files\Internet Explorer

2009-12-23 01:47:05 ----D---- C:\WINDOWS\ie7updates

2009-12-22 20:48:45 ----D---- C:\WINDOWS\Help

2009-12-22 20:25:23 ----RASH---- C:\boot.ini

2009-12-22 13:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-12-22 13:31:11 ----D---- C:\WINDOWS\Debug

2009-12-22 13:31:07 ----D---- C:\WINDOWS\Minidump

2009-12-22 12:17:40 ----D---- C:\WINDOWS\msagent

2009-12-21 22:26:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-21 22:26:21 ----D---- C:\Program Files\McAfee

2009-12-21 22:26:21 ----D---- C:\Program Files\Common Files\McAfee

2009-12-21 22:26:20 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2009-12-21 22:13:16 ----D---- C:\QUARANTINE

2009-12-21 18:00:12 ----D---- C:\WINDOWS\pss

2009-12-21 17:30:30 ----D---- C:\WINDOWS\system32\config

2009-12-21 13:20:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$

2009-12-15 18:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$

2009-12-14 21:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$

2009-12-11 23:33:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-12-07 19:51:27 ----SHD---- C:\WINDOWS\CSC

2009-12-06 22:25:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-05 17:14:18 ----D---- C:\Documents and Settings\Michael\Application Data\BitTorrent

2009-12-02 21:34:25 ----D---- C:\Documents and Settings

2009-11-25 13:17:47 ----D---- C:\Documents and Settings\Michael\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-11-06 9336]

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-11-06 9464]

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2009-02-18 186128]

R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []

R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2006-10-06 143834]

R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2006-10-06 206464]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]

R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-27 150528]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]

R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2006-10-06 30630]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]

R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2004-01-13 2482176]

S1 94eb0448;94eb0448; C:\WINDOWS\System32\drivers\94eb0448.sys []

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

S2 echrwbq;echrwbq; \??\C:\WINDOWS\system32\drivers\ayjdyv.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2006-10-06 25898]

S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-11-03 226816]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]

S3 kkdrdgafkfip;kkdrdgafkfip; C:\WINDOWS\system32\drivers\kkdrdgafkfip.sys [2009-12-23 8576]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Link to post
Share on other sites

info.txt logfile of random's system information tool 1.06 2009-12-23 23:41:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AIM 6-->C:\Program Files\AIM6\uninst.exe

AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"

ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Broadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033

Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"

Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"

Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"

Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe

Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

K-Lite Mega Codec Pack 4.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Mouse Suite-->PMUninst.exe MouseSuite98

Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe

Pinnacle Instant DVD Recorder-->C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly

proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

RAD Video Tools-->"C:\Program Files\RADVideo\uninstall.exe"

RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe

SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

SnagIt 8-->MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}

SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}

Studio 10 Bonus DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL

Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL

The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe

The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe

The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"

Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091223-1]

======System event log======

Computer Name: HOME

Event Code: 30013

Message: The DHCP allocator has disabled itself on IP address 192.168.1.2,

since the IP address is outside the 192.168.0.0/255.255.255.0 scope

from which addresses are being allocated to DHCP clients.

To enable the DHCP allocator on this IP address,

please change the scope to include the IP address,

or change the IP address to fall within the scope.

Record Number: 24

Source Name: ipnathlp

Time Written: 20091216160019.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 7000

Message: The Automatic Updates service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 8

Source Name: Service Control Manager

Time Written: 20091216155857.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 49

Message: Configuring the Page file for crash dump failed. Make sure there is a page

file on the boot partition and that is large enough to contain all physical

memory.

Record Number: 6

Source Name: Ftdisk

Time Written: 20091216155832.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 45

Message: The system could not sucessfully load the crash dump driver.

Record Number: 5

Source Name: Ftdisk

Time Written: 20091216155832.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 4

Message: Broadcom 570x Gigabit Integrated Controller #2: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 4

Source Name: b57w2k

Time Written: 20091216155832.000000-300

Event Type: warning

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=0905

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Link to post
Share on other sites

Sorry for the delay on this; my computer froze the first time around

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2009-12-24 13:06:59

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\pxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3FCA6B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3FCA574]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF4048730]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF40488A0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF4049340]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF4048F90]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xF4049C60]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3FCAA52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3FCA14C]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF4046F80]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3FCA64E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3FCA08C]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xF4049170]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3FCA0F0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF4049910]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3FCA76E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3FCA72E]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xF4049C10]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xF4049F90]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF404A560]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF4045C40]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3FCA8AE]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xF4049BC0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF40472F0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xF4049760]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xF4048A20]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xF4044D40]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xF4044D50]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xF4044D60]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xF4044D80]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xF4044DA0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xF4044DD0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xF4044DE0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xF4044E00]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xF4044E10]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xF4044ED0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xF4044FA0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xF4044FE0]

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xF4045020]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 87C090F8

Device \Driver\atapi \Device\Ide\IdePort0 87C090F8

Device \Driver\atapi \Device\Ide\IdePort1 87C090F8

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 87C090F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs F1152400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hi

With reference to the HijackThis Forum Policy, please uninstall the following programs before we continue:

BitTorrent

LimeWire 5.1.3

...no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate BitTorrent and click on the Change/Remove button to uninstall it.
  • Repeat for LimeWire 5.1.3
  • Close Add/Remove Programs and Control Panel when done.

There are signs that combofix has been run.

Combofix's developer sUBs never intended the tool to be for private use, hence the disclaimer

combifixdiscl.png

And from Bleeping Computer's combofix tutorial:

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
and from sUBs himself
...there's a valid reason why we don't ask you to run ComboFix from the onset. ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

In your next reply - after confirming the removal of the P2P file sharing programs - please post the contents of combofix.txt which can be found at C:\combofix.txt

Have you also run Kaspersky's TDSSKiller?

Link to post
Share on other sites

I have done as you asked and removed those programs. After all of this, I don't want to be use them again anyway.

Perhaps it was a mistake to run combofix...I had read somewhere that it was a good tool to remove malware so I used it.

As to Kaspersky, it wouldn't install because it said I had to remove McAfree software first, some of which I had already removed. So no, I haven't run it.

ComboFix 09-12-21.08 - Michael 12/22/2009 20:30:40.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.616 [GMT -5:00]

Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Michael\Desktop\Internet Security 2010.lnk

c:\documents and settings\Michael\Start Menu\Internet Security 2010.lnk

c:\program files\Common

c:\recycler\S-1-5-21-115392329-2984834892-2131622260-1014

c:\recycler\S-1-5-21-115392329-2984834892-2131622260-500

c:\recycler\S-1-5-21-1568581973-3996924786-2203746030-1009

c:\recycler\S-1-5-21-1568581973-3996924786-2203746030-500

c:\recycler\S-1-5-21-1757981266-854245398-1234659875-1003

c:\recycler\S-1-5-21-3395001480-102907173-2267499907-1012

c:\windows\system32\11478.exe

c:\windows\system32\15724.exe

c:\windows\system32\18467.exe

c:\windows\system32\19169.exe

c:\windows\system32\26500.exe

c:\windows\system32\6334.exe

c:\windows\Temp\0087681259786563mcinst.exe

c:\windows\Temp\0321371259873994mcinst.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :P

.

((((((((((((((((((((((((( Files Created from 2009-11-23 to 2009-12-23 )))))))))))))))))))))))))))))))

.

2009-12-22 18:29 . 2009-12-22 18:29 -------- d-----w- c:\program files\CCleaner

2009-12-22 03:19 . 2009-12-22 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 20:37 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-12-21 20:37 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-12-21 20:37 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-12-21 20:37 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-12-21 20:37 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-12-21 20:37 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-12-21 20:37 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-12-21 20:37 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-12-21 20:36 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-12-21 20:36 . 2009-12-21 20:36 -------- d-----w- c:\program files\Alwil Software

2009-12-05 19:47 . 2009-12-05 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 19:45 . 2009-12-22 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-05 19:45 . 2009-12-05 19:45 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com

2009-12-05 05:15 . 2009-12-05 05:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2009-12-03 02:55 . 2009-12-03 02:55 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing

2009-11-24 02:22 . 2009-11-24 02:22 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 18:57 . 2007-09-01 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-12-22 03:26 . 2008-03-02 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-22 03:26 . 2008-03-02 17:01 -------- d-----w- c:\program files\McAfee

2009-12-22 03:26 . 2008-03-02 17:01 -------- d-----w- c:\program files\Common Files\McAfee

2009-12-22 03:26 . 2008-03-02 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-12-07 03:25 . 2009-06-03 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-05 22:14 . 2009-11-18 21:40 -------- d-----w- c:\documents and settings\Michael\Application Data\BitTorrent

2009-12-03 21:14 . 2009-06-03 18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13 . 2009-06-03 18:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-25 18:17 . 2005-07-01 15:00 -------- d-----w- c:\documents and settings\Michael\Application Data\LimeWire

2009-11-18 21:40 . 2009-11-18 21:40 -------- d-----w- c:\program files\BitTorrent

2009-11-11 17:24 . 2009-11-11 16:55 124339 ----a-w- c:\windows\HPHins12.dat

2009-11-11 17:21 . 2009-11-11 17:19 -------- d-----w- c:\program files\Common Files\HP

2009-11-11 17:20 . 2009-06-06 02:34 -------- d-----w- c:\program files\HP

2009-11-11 17:20 . 2009-11-11 17:20 -------- d-----w- c:\program files\Hewlett-Packard

2009-11-11 02:23 . 2009-11-11 02:23 -------- d-----w- c:\program files\7-Zip

2009-10-28 01:28 . 2009-10-28 01:28 -------- d-----w- c:\program files\YouTube Downloader

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]

"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk

backup=c:\windows\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12204:TCP"= 12204:TCP:Limewire

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

"2479:TCP"= 2479:TCP:Services

"3246:TCP"= 3246:TCP:Services

"3389:TCP"= 3389:TCP:Remote Desktop

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/21/2009 3:37 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/21/2009 3:37 PM 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/30/2008 4:11 PM 93320]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [4/21/2005 8:58 PM 92550]

S1 94eb0448;94eb0448;c:\windows\system32\drivers\94eb0448.sys [6/3/2009 1:21 PM 0]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 echrwbq;echrwbq;\??\c:\windows\system32\drivers\ayjdyv.sys --> c:\windows\system32\drivers\ayjdyv.sys [?]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\0p87wyuy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\Michael\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-McAfeeUpdaterUI - c:\program files\McAfee\Common Framework\UdaterUI.exe

MSConfigStartUp-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

MSConfigStartUp-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 20:41

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87C77D98]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7531fc3

\Driver\ACPI -> ACPI.sys @ 0xf74a4cb8

\Driver\atapi -> 0x87c77d98

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094

ParseProcedure -> ntoskrnl.exe @ 0x8056f08e

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094

ParseProcedure -> ntoskrnl.exe @ 0x8056f08e

NDIS: Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter -> SendCompleteHandler -> 0x871dd450

PacketIndicateHandler -> NDIS.sys @ 0xf7357b21

SendHandler -> NDIS.sys @ 0xf733587b

Warning: possible MBR rootkit infection !

copy of MBR has been found in sector 0x04A8143F

malicious code @ sector 0x04A81442 !

PE file found in sector at 0x04A81458 !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1024)

c:\windows\system32\mshtml.dll

c:\windows\IME\SPGRMR.DLL

c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\ICO.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Completion time: 2009-12-22 20:58:52 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-23 01:58

Pre-Run: 947,269,632 bytes free

Post-Run: 1,840,574,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DA56E3337B6D575A54D23F5AA9D845C3

Link to post
Share on other sites

Hi

Give me an update on how things are running after completing the instructions below.

Check a file

  • Go to VirusTotal or Jotti's
    C:\WINDOWS\system32\drivers\kkdrdgafkfip.sys

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.
    COMBOFIX-Script
    A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::
    C:\WINDOWS\System32\DRIVERS\klif.sys

    Folder::
    C:\Documents and Settings\Michael\Application Data\BitTorrent
    C:\Documents and Settings\Michael\Application Data\LimeWire
    C:\Program Files\BitTorrent
    C:\Program Files\LimeWire

    Driver::
    KLIF

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12204:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "3246:TCP"=-
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\BitTorrent\bittorrent.exe"=-

    MBR::


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Link to post
Share on other sites

The result from Jotti's (the other site appeared to have a similar outcome):

Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.

Filename: d7dbfbc453b645111e6d21142305e80b

Status:

Scan finished. 0 out of 21 scanners reported malware.

Scan taken on: Mon 28 Dec 2009 00:56:06 (CET) Permalink

Scanners

[ArcaVir]

2009-12-27 Found nothing

[G DATA]

2009-12-26 Found nothing

[A-Squared]

2009-12-28 Found nothing

[ikarus]

2009-12-27 Found nothing

[Avast! antivirus]

2009-12-27 Found nothing

[Kaspersky Anti-Virus]

2009-12-27 Found nothing

[Grisoft AVG Anti-Virus]

2009-12-27 Found nothing

[ESET NOD32]

2009-12-27 Found nothing

[Avira AntiVir]

2009-12-26 Found nothing

[Norman Virus Control]

2009-12-26 Found nothing

[softwin BitDefender]

2009-12-26 Found nothing

[Panda Antivirus]

2009-12-27 Found nothing

[ClamAV]

2009-12-27 Found nothing

[Quick Heal]

2009-12-24 Found nothing

[CPsecure]

2009-12-27 Found nothing

[sophos]

2009-12-27 Found nothing

[Dr.Web]

2009-12-28 Found nothing

[VirusBlokAda VBA32]

2009-12-25 Found nothing

[Frisk F-Prot Antivirus]

2009-12-27 Found nothing

[VirusBuster]

2009-12-27 Found nothing

[F-Secure Anti-Virus]

2009-12-27 Found nothing

Additional info

File size: 8576 bytes

Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit

MD5: d7dbfbc453b645111e6d21142305e80b

SHA1: e134b78030cfca8dbfd0af144193fc445db86572

Link to post
Share on other sites

Hey melboy, I have no idea what you just had me do, but whatever it was it seems like my system is clean! :) Still, I'm afraid of speaking too soon, so I'll use it normally for a little while just to make sure things are good. Anyway, here is the log:

ComboFix 09-12-26.05 - Michael 12/28/2009 1:49:18.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.627 [GMT -5:00]

Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"C:\WINDOWS\System32\DRIVERS\klif.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Michael\Application Data\LimeWire

C:\Documents and Settings\Michael\Application Data\LimeWire\active.mojito

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\auth.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\caps.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\composer.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\directory.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\editor.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\find.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\intl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jar.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\locale.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\places.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pref.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\profile.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\update.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\widget.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dependentlibs.list

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.chk

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\all.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\js3250.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\LICENSE

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\debug.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\utils.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctl.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctlx.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\msvcr71.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nspr4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nss3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssckbi.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssutil3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\platform.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plc4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plds4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\README.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrow.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\designmode.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\forms.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\grabber.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html\folder.png

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\language.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\mathml.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\quirk.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\svg.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\ua.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\viewsource.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\smime3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.chk

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\sqlite3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\ssl3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\updater.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\version.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcom.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpidl.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xul.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\certificate\limewire.keystore

C:\Documents and Settings\Michael\Application Data\LimeWire\createtimes.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\downloads.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\fileurns.bak

C:\Documents and Settings\Michael\Application Data\LimeWire\fileurns.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\filters.props

C:\Documents and Settings\Michael\Application Data\LimeWire\gnutella.net

C:\Documents and Settings\Michael\Application Data\LimeWire\installation.props

C:\Documents and Settings\Michael\Application Data\LimeWire\library.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\library5.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\limewire.props

C:\Documents and Settings\Michael\Application Data\LimeWire\mojito.props

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\.autoreg

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\cert8.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\compreg.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\cookies.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\downloads.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\history.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\key3.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\permissions.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite-journal

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\pluginreg.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\prefs.js

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\secmod.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\XPC.mfl

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\xpti.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.backup

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.data

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.script

C:\Documents and Settings\Michael\Application Data\LimeWire\questions.props

C:\Documents and Settings\Michael\Application Data\LimeWire\responses.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\simpp.xml

C:\Documents and Settings\Michael\Application Data\LimeWire\spam.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\tables.props

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme.lwtp

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\01_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\02_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\03_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\04_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\05_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\chat.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\kill.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\kill_on.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\logo.png

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\notsearching.png

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\play_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\play_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\question.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\searching.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\theme.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\version.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\warning.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\ttdata.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\ttrees.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\ttroot.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\version.xml

C:\Documents and Settings\Michael\Application Data\LimeWire\version.xml46005tmp

C:\Documents and Settings\Michael\Application Data\LimeWire\versions.props

C:\Documents and Settings\Michael\Application Data\LimeWire\xml\data\audio.sxml3

C:\Documents and Settings\Michael\Application Data\LimeWire\xml\data\video.sxml3

c:\windows\system32\drivers\kkdrdgafkfip.sys

.

original MBR restored successfully !

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KLIF

-------\Service_KLIF

-------\Legacy_kkdrdgafkfip

-------\Service_kkdrdgafkfip

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))

.

2009-12-26 04:19:02 . 2009-12-26 04:22:02 -------- d-----w- C:\66fcef5f41913d453d44adb667c63a

2009-12-24 15:57:17 . 2009-12-24 15:57:18 -------- d-----w- C:\Documents and Settings\HelpAssistant\Pavark

2009-12-24 04:41:03 . 2009-12-24 04:41:20 -------- d-----w- C:\rsit

2009-12-23 22:43:38 . 2009-12-23 22:43:38 -------- d-----w- C:\Program Files\Trend Micro

2009-12-23 21:38:43 . 2009-12-23 21:51:20 -------- d-----w- C:\Documents and Settings\Michael\Pavark

2009-12-23 06:56:22 . 2009-12-23 06:56:22 -------- d-----w- C:\WINDOWS\ServicePackFiles

2009-12-23 03:27:40 . 2009-12-28 07:02:13 88864 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat

2009-12-23 03:27:40 . 2009-12-28 07:02:13 1387040 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat

2009-12-23 03:09:43 . 2009-12-23 17:52:53 -------- d-----w- C:\Program Files\Common Files\ParetoLogic

2009-12-23 03:09:43 . 2009-12-23 17:52:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2009-12-23 03:08:26 . 2009-12-23 03:08:26 -------- d-----w- C:\Documents and Settings\Michael\Local Settings\Application Data\Downloaded Installations

2009-12-22 18:29:04 . 2009-12-22 18:29:06 -------- d-----w- C:\Program Files\CCleaner

2009-12-22 03:19:50 . 2009-12-22 03:19:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 20:37:44 . 2009-11-24 23:48:57 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-12-21 20:37:43 . 2009-11-24 23:49:07 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-12-21 20:37:42 . 2009-11-24 23:47:54 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-12-21 20:37:35 . 2009-11-24 23:47:28 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-12-21 20:37:33 . 2009-11-24 23:51:09 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:59 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:12 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:00 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-12-21 20:36:51 . 2009-11-24 23:54:29 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-12-21 20:36:45 . 2009-12-21 20:36:45 -------- d-----w- C:\Program Files\Alwil Software

2009-12-05 19:47:30 . 2009-12-05 19:47:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 19:45:51 . 2009-12-22 03:26:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2009-12-05 19:45:51 . 2009-12-05 19:45:51 -------- d-----w- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com

2009-12-05 05:15:37 . 2009-12-05 05:15:37 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\McAfee

2009-12-03 02:55:55 . 2009-12-23 02:03:29 -------- d-----w- C:\Documents and Settings\HelpAssistant\Tracing

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 07:02:13 . 2009-12-23 03:27:40 9404 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx

2009-12-28 07:02:13 . 2009-12-23 03:27:40 19652 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx

2009-12-23 03:32:24 . 2009-12-23 03:32:23 125952 ----a-w- C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2009-12-22 18:57:33 . 2007-09-01 17:39:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-12-22 03:26:52 . 2008-03-02 19:59:46 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-22 03:26:21 . 2008-03-02 17:01:38 -------- d-----w- C:\Program Files\McAfee

2009-12-22 03:26:21 . 2008-03-02 17:01:38 -------- d-----w- C:\Program Files\Common Files\McAfee

2009-12-22 03:26:20 . 2008-03-02 17:02:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee

2009-12-15 22:11:40 . 2009-12-05 19:48:00 117760 ----a-w- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-07 03:25:58 . 2009-06-03 18:35:52 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-07 03:25:16 . 2009-11-10 00:35:40 4844296 ----a-w- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-03 21:14:06 . 2009-06-03 18:35:57 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13:56 . 2009-06-03 18:35:54 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2009-11-11 17:24:39 . 2009-11-11 16:55:39 124339 ----a-w- C:\WINDOWS\HPHins12.dat

2009-11-11 17:21:56 . 2009-11-11 17:19:38 -------- d-----w- C:\Program Files\Common Files\HP

2009-11-11 17:20:17 . 2009-06-06 02:34:31 -------- d-----w- C:\Program Files\HP

2009-11-11 17:20:15 . 2009-11-11 17:20:15 -------- d-----w- C:\Program Files\Hewlett-Packard

2009-11-11 02:23:32 . 2009-11-11 02:23:27 -------- d-----w- C:\Program Files\7-Zip

2009-10-29 07:46:59 . 2004-08-04 12:00:00 832512 ------w- C:\WINDOWS\system32\wininet.dll

2009-10-29 07:46:52 . 2004-08-04 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll

2009-10-29 07:46:50 . 2004-08-04 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll

2009-10-21 06:00:55 . 2004-08-04 12:00:00 75776 ----a-w- C:\WINDOWS\system32\strmfilt.dll

2009-10-21 06:00:55 . 2004-08-04 12:00:00 25088 ----a-w- C:\WINDOWS\system32\httpapi.dll

2009-10-20 16:54:12 . 2009-10-20 16:54:12 59976 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe

2009-10-20 14:58:48 . 2004-08-04 12:00:00 263552 ----a-w- C:\WINDOWS\system32\drivers\http.sys

2009-10-13 10:53:29 . 2004-08-04 12:00:00 266752 ----a-w- C:\WINDOWS\system32\oakley.dll

2009-10-12 13:54:17 . 2004-08-04 12:00:00 69632 ----a-w- C:\WINDOWS\system32\raschap.dll

2009-10-12 13:54:17 . 2004-08-04 12:00:00 112128 ----a-w- C:\WINDOWS\system32\rastls.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33:20 155648]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 01:05:00 344064]

"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 18:08:14 57344]

"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 16:28:00 684032]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 09:46:45 196608]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk

backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2009-05-19 05:23:16 49968 ----a-w- C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 07:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 18:06:36 290088 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 23:51:28 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\AIM6\\aim6.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4824:TCP"= 4824:TCP:Services

"7758:TCP"= 7758:TCP:Services

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [12/21/2009 3:37:33 PM 114768]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [12/21/2009 3:37:33 PM 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [7/30/2008 4:11:13 PM 93320]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\drivers\ozscr.sys [4/21/2005 8:58:38 PM 92550]

S1 94eb0448;94eb0448;C:\WINDOWS\system32\drivers\94eb0448.sys [6/3/2009 1:21:10 PM 0]

S1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys --> C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 echrwbq;echrwbq;\??\C:\WINDOWS\system32\drivers\ayjdyv.sys --> C:\WINDOWS\system32\drivers\ayjdyv.sys [?]

.

.

Link to post
Share on other sites

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0p87wyuy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: C:\Documents and Settings\Michael\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

.

Link to post
Share on other sites

Hi

There is part of the combofix log missing.

As well as posting the VirusTotal/Jotti results for the files below (if they exist), can you please re-post ALL of the log found at C:\combofix.txt

Thanks.

Check a file

  • Go to VirusTotal or Jotti's
    C:\WINDOWS\system32\drivers\ayjdyv.sys
    C:\WINDOWS\system32\drivers\94eb0448.sys

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.
  • Repeat for the second file on the list.

Link to post
Share on other sites

The problem is that there is no combofix log at that location. I did a system search for it and found it in the combofix folder. I'm quite certain I posted everything that was in it.

As to ayjdyv.sys, apparently such a file does not exist.

For 94eb0448.sys, when I uploaded the file there was a message saying that it contained 0 bytes.

Just so you know, my system has been running without issues since I followed your last instructions and all of the problems that I had are gone.

Link to post
Share on other sites

Hi

Just so you know, my system has been running without issues since I followed your last instructions and all of the problems that I had are gone.

As from my initial post:

Absence of symptoms does not mean that everything is clear

The logs so far show that there are still a number of issues that need addressing.

The problem is that there is no combofix log at that location. I did a system search for it and found it in the combofix folder. I'm quite certain I posted everything that was in it.

No, the log is definitely missing an important section that will give me further information about your problems. Please re-post the full log.

Link to post
Share on other sites

I'll just repost the log again. I don't know what to say; for some reason it is located in the combofix folder. If this isn't all of it I don't know what else to do.

ComboFix 09-12-26.05 - Michael 12/28/2009 1:49:18.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.627 [GMT -5:00]

Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"C:\WINDOWS\System32\DRIVERS\klif.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Michael\Application Data\LimeWire

C:\Documents and Settings\Michael\Application Data\LimeWire\active.mojito

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\auth.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\caps.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\composer.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\directory.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\editor.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\find.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\intl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jar.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\locale.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\places.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pref.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\profile.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\update.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\widget.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dependentlibs.list

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.chk

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\all.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\js3250.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\LICENSE

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\debug.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\utils.js

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctl.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctlx.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\msvcr71.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nspr4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nss3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssckbi.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\nssutil3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\platform.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plc4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plds4.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\README.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrow.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\designmode.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\forms.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\grabber.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html\folder.png

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\language.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\mathml.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\quirk.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\svg.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\ua.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\viewsource.css

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\smime3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.chk

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\sqlite3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\ssl3.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\updater.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\version.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcom.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpidl.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xul.dll

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

C:\Documents and Settings\Michael\Application Data\LimeWire\certificate\limewire.keystore

C:\Documents and Settings\Michael\Application Data\LimeWire\createtimes.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\downloads.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\fileurns.bak

C:\Documents and Settings\Michael\Application Data\LimeWire\fileurns.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\filters.props

C:\Documents and Settings\Michael\Application Data\LimeWire\gnutella.net

C:\Documents and Settings\Michael\Application Data\LimeWire\installation.props

C:\Documents and Settings\Michael\Application Data\LimeWire\library.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\library5.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\limewire.props

C:\Documents and Settings\Michael\Application Data\LimeWire\mojito.props

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\.autoreg

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\cert8.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\compreg.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\cookies.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\downloads.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.ini

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\history.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\key3.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\permissions.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite-journal

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\pluginreg.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\prefs.js

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\secmod.db

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\XPC.mfl

C:\Documents and Settings\Michael\Application Data\LimeWire\mozilla-profile\xpti.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.backup

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.data

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.properties

C:\Documents and Settings\Michael\Application Data\LimeWire\promotion\promodb.script

C:\Documents and Settings\Michael\Application Data\LimeWire\questions.props

C:\Documents and Settings\Michael\Application Data\LimeWire\responses.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\simpp.xml

C:\Documents and Settings\Michael\Application Data\LimeWire\spam.dat

C:\Documents and Settings\Michael\Application Data\LimeWire\tables.props

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme.lwtp

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\01_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\02_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\03_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\04_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\05_star.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\chat.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\kill.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\kill_on.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\logo.png

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\notsearching.png

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\play_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\play_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\question.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\searching.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_dn.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_up.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\theme.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\version.txt

C:\Documents and Settings\Michael\Application Data\LimeWire\themes\windows_theme\warning.gif

C:\Documents and Settings\Michael\Application Data\LimeWire\ttdata.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\ttrees.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\ttroot.cache

C:\Documents and Settings\Michael\Application Data\LimeWire\version.xml

C:\Documents and Settings\Michael\Application Data\LimeWire\version.xml46005tmp

C:\Documents and Settings\Michael\Application Data\LimeWire\versions.props

C:\Documents and Settings\Michael\Application Data\LimeWire\xml\data\audio.sxml3

C:\Documents and Settings\Michael\Application Data\LimeWire\xml\data\video.sxml3

c:\windows\system32\drivers\kkdrdgafkfip.sys

.

original MBR restored successfully !

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KLIF

-------\Service_KLIF

-------\Legacy_kkdrdgafkfip

-------\Service_kkdrdgafkfip

((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))

.

2009-12-26 04:19:02 . 2009-12-26 04:22:02 -------- d-----w- C:\66fcef5f41913d453d44adb667c63a

2009-12-24 15:57:17 . 2009-12-24 15:57:18 -------- d-----w- C:\Documents and Settings\HelpAssistant\Pavark

2009-12-24 04:41:03 . 2009-12-24 04:41:20 -------- d-----w- C:\rsit

2009-12-23 22:43:38 . 2009-12-23 22:43:38 -------- d-----w- C:\Program Files\Trend Micro

2009-12-23 21:38:43 . 2009-12-23 21:51:20 -------- d-----w- C:\Documents and Settings\Michael\Pavark

2009-12-23 06:56:22 . 2009-12-23 06:56:22 -------- d-----w- C:\WINDOWS\ServicePackFiles

2009-12-23 03:27:40 . 2009-12-28 07:02:13 88864 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat

2009-12-23 03:27:40 . 2009-12-28 07:02:13 1387040 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat

2009-12-23 03:09:43 . 2009-12-23 17:52:53 -------- d-----w- C:\Program Files\Common Files\ParetoLogic

2009-12-23 03:09:43 . 2009-12-23 17:52:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2009-12-23 03:08:26 . 2009-12-23 03:08:26 -------- d-----w- C:\Documents and Settings\Michael\Local Settings\Application Data\Downloaded Installations

2009-12-22 18:29:04 . 2009-12-22 18:29:06 -------- d-----w- C:\Program Files\CCleaner

2009-12-22 03:19:50 . 2009-12-22 03:19:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 20:37:44 . 2009-11-24 23:48:57 23120 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-12-21 20:37:43 . 2009-11-24 23:49:07 48560 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-12-21 20:37:42 . 2009-11-24 23:47:54 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-12-21 20:37:35 . 2009-11-24 23:47:28 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-12-21 20:37:33 . 2009-11-24 23:51:09 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:59 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:12 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-12-21 20:37:33 . 2009-11-24 23:50:00 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-12-21 20:36:51 . 2009-11-24 23:54:29 1280480 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-12-21 20:36:45 . 2009-12-21 20:36:45 -------- d-----w- C:\Program Files\Alwil Software

2009-12-05 19:47:30 . 2009-12-05 19:47:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 19:45:51 . 2009-12-22 03:26:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2009-12-05 19:45:51 . 2009-12-05 19:45:51 -------- d-----w- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com

2009-12-05 05:15:37 . 2009-12-05 05:15:37 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\McAfee

2009-12-03 02:55:55 . 2009-12-23 02:03:29 -------- d-----w- C:\Documents and Settings\HelpAssistant\Tracing

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 07:02:13 . 2009-12-23 03:27:40 9404 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx

2009-12-28 07:02:13 . 2009-12-23 03:27:40 19652 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx

2009-12-23 03:32:24 . 2009-12-23 03:32:23 125952 ----a-w- C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2009-12-22 18:57:33 . 2007-09-01 17:39:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-12-22 03:26:52 . 2008-03-02 19:59:46 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-22 03:26:21 . 2008-03-02 17:01:38 -------- d-----w- C:\Program Files\McAfee

2009-12-22 03:26:21 . 2008-03-02 17:01:38 -------- d-----w- C:\Program Files\Common Files\McAfee

2009-12-22 03:26:20 . 2008-03-02 17:02:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee

2009-12-15 22:11:40 . 2009-12-05 19:48:00 117760 ----a-w- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-07 03:25:58 . 2009-06-03 18:35:52 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-07 03:25:16 . 2009-11-10 00:35:40 4844296 ----a-w- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-03 21:14:06 . 2009-06-03 18:35:57 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13:56 . 2009-06-03 18:35:54 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2009-11-11 17:24:39 . 2009-11-11 16:55:39 124339 ----a-w- C:\WINDOWS\HPHins12.dat

2009-11-11 17:21:56 . 2009-11-11 17:19:38 -------- d-----w- C:\Program Files\Common Files\HP

2009-11-11 17:20:17 . 2009-06-06 02:34:31 -------- d-----w- C:\Program Files\HP

2009-11-11 17:20:15 . 2009-11-11 17:20:15 -------- d-----w- C:\Program Files\Hewlett-Packard

2009-11-11 02:23:32 . 2009-11-11 02:23:27 -------- d-----w- C:\Program Files\7-Zip

2009-10-29 07:46:59 . 2004-08-04 12:00:00 832512 ------w- C:\WINDOWS\system32\wininet.dll

2009-10-29 07:46:52 . 2004-08-04 12:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll

2009-10-29 07:46:50 . 2004-08-04 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll

2009-10-21 06:00:55 . 2004-08-04 12:00:00 75776 ----a-w- C:\WINDOWS\system32\strmfilt.dll

2009-10-21 06:00:55 . 2004-08-04 12:00:00 25088 ----a-w- C:\WINDOWS\system32\httpapi.dll

2009-10-20 16:54:12 . 2009-10-20 16:54:12 59976 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe

2009-10-20 14:58:48 . 2004-08-04 12:00:00 263552 ----a-w- C:\WINDOWS\system32\drivers\http.sys

2009-10-13 10:53:29 . 2004-08-04 12:00:00 266752 ----a-w- C:\WINDOWS\system32\oakley.dll

2009-10-12 13:54:17 . 2004-08-04 12:00:00 69632 ----a-w- C:\WINDOWS\system32\raschap.dll

2009-10-12 13:54:17 . 2004-08-04 12:00:00 112128 ----a-w- C:\WINDOWS\system32\rastls.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 15:33:20 155648]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 01:05:00 344064]

"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 18:08:14 57344]

"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 16:28:00 684032]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 09:46:45 196608]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 23:51:40 81000]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk

backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2009-05-19 05:23:16 49968 ----a-w- C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-02-19 07:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-01-06 18:06:36 290088 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-02-06 23:51:28 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\AIM6\\aim6.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4824:TCP"= 4824:TCP:Services

"7758:TCP"= 7758:TCP:Services

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [12/21/2009 3:37:33 PM 114768]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [12/21/2009 3:37:33 PM 20560]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [7/30/2008 4:11:13 PM 93320]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\drivers\ozscr.sys [4/21/2005 8:58:38 PM 92550]

S1 94eb0448;94eb0448;C:\WINDOWS\system32\drivers\94eb0448.sys [6/3/2009 1:21:10 PM 0]

S1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys --> C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 echrwbq;echrwbq;\??\C:\WINDOWS\system32\drivers\ayjdyv.sys --> C:\WINDOWS\system32\drivers\ayjdyv.sys [?]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\0p87wyuy.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: C:\Documents and Settings\Michael\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll

.

Link to post
Share on other sites

Hi

Ok, You may have opened the combofix.txt file before all of the information was wrote to it.

What do you know about your firewalls open ports?

===============================================

low on disk space

Your computer's system drive is dangerously low on disk space:

System drive C: has 2 GB (6%) free of 38 GB

The partition with the system needs at least 15% Free Space, or it will bog down and run very slowly.

Please try to uninstall some software you do not need and/or move any documents/files/pictures etc to a form of removable media. (CD, DVD, USB flash drive etc)

  • Go to Start > My Computer
  • Right-click on the hard-drive letter for the system, (usually C: )
  • Click Properties
  • Under the General tab Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
  • Click Apply
  • If it asks whether to apply to all files and folders, answer Yes.
  • You may have to wait while it resets the file attributes.
  • Click OK

Reboot the machine.

Update Adobe Acrobat Reader

Your Adobe Acrobat Reader is out of date.

Older versions may have vulnerabilities that malware can use to infect your system.

Please download Adobe Reader 9.2 to your PC's desktop.

  • Uninstall Adobe Reader 7.0.9
    via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 17.

[*]Go to Java Site

[*]Click to Download Java SE Runtime Environment (JRE) 6 Update 17

[*]In Platform box choose Windows.

[*]Check the box to Accept License Agreement and click Continue.

[*]Click on Windows Offline Installation, click on the link under it which says "jre-6u17-windows-i586-p.exe" and save the downloaded file to your desktop.

[*]Go to Start => Control Panel => Add or Remove Programs

[*]Uninstall Java

Link to post
Share on other sites

Sorry for the delay, but I've done everything you've asked

Logfile of random's system information tool 1.06 (written by random/random)

Run by Michael at 2010-01-03 22:28:00

Microsoft Windows XP Professional Service Pack 2

System drive C: has 8 GB (20%) free of 38 GB

Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:02 PM, on 1/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Michael\desktop\rsit.exe

C:\Program Files\Trend Micro\HijackThis\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 7725 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]

AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]

"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2003-11-20 57344]

"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-03 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]

C:\PROGRA~1\TECHSM~1\SNAGIT~1\SnagIt32.exe [2007-05-01 6395464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"

"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"

"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"

"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-03 16:39:22 ----D---- C:\Program Files\Sun

2010-01-03 16:39:09 ----A---- C:\WINDOWS\system32\javaws.exe

2010-01-03 16:39:09 ----A---- C:\WINDOWS\system32\javaw.exe

2010-01-03 16:39:09 ----A---- C:\WINDOWS\system32\java.exe

2010-01-03 16:39:09 ----A---- C:\WINDOWS\system32\deploytk.dll

2010-01-03 16:23:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-12-28 12:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-12-28 02:12:57 ----SHD---- C:\RECYCLER

2009-12-28 01:45:05 ----D---- C:\ComboFix

2009-12-25 23:19:02 ----D---- C:\66fcef5f41913d453d44adb667c63a

2009-12-24 10:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2009-12-24 10:42:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2009-12-23 23:41:03 ----D---- C:\rsit

2009-12-23 17:43:38 ----D---- C:\Program Files\Trend Micro

2009-12-23 17:13:41 ----D---- C:\Program Files\HijackThis

2009-12-23 15:48:26 ----D---- C:\WINDOWS\temp

2009-12-23 15:26:47 ----A---- C:\WINDOWS\ntbtlog.txt

2009-12-23 02:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-12-23 02:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-12-23 02:09:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-12-23 02:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2009-12-23 02:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-23 02:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-12-23 01:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$

2009-12-23 01:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-12-23 01:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-12-23 01:56:22 ----D---- C:\WINDOWS\ServicePackFiles

2009-12-23 01:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2009-12-23 01:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-12-23 01:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-12-23 01:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-12-23 01:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-12-23 01:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-12-23 01:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-12-23 01:52:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-12-23 01:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2009-12-23 01:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-12-23 01:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-12-23 01:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2009-12-23 01:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-12-23 01:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-23 01:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2009-12-23 01:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-12-23 01:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-12-23 01:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-12-23 01:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-12-23 01:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

2009-12-23 01:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2009-12-23 01:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2009-12-23 01:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2009-12-23 01:28:44 ----A---- C:\WINDOWS\imsins.BAK

2009-12-23 01:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

2009-12-22 22:27:27 ----A---- C:\rollback.ini

2009-12-22 22:09:43 ----D---- C:\Program Files\Common Files\ParetoLogic

2009-12-22 22:09:43 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2009-12-22 20:25:22 ----A---- C:\Boot.bak

2009-12-22 20:25:12 ----RASHD---- C:\cmdcons

2009-12-22 20:22:36 ----A---- C:\WINDOWS\zip.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWSC.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\SWREG.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\sed.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\PEV.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\NIRCMD.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\MBR.exe

2009-12-22 20:22:36 ----A---- C:\WINDOWS\grep.exe

2009-12-22 20:22:11 ----D---- C:\WINDOWS\ERDNT

2009-12-22 20:15:44 ----D---- C:\Qoobox

2009-12-22 13:29:04 ----D---- C:\Program Files\CCleaner

2009-12-21 22:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 15:36:51 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-12-21 15:36:45 ----D---- C:\Program Files\Alwil Software

2009-12-05 14:47:30 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 14:45:51 ----D---- C:\Program Files\SUPERAntiSpyware

2009-12-05 14:45:51 ----D---- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 months======

2010-01-03 22:14:28 ----D---- C:\WINDOWS\Prefetch

2010-01-03 22:14:27 ----D---- C:\Program Files\Mozilla Firefox

2010-01-03 16:44:16 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-03 16:39:50 ----SHD---- C:\WINDOWS\Installer

2010-01-03 16:39:50 ----D---- C:\Config.Msi

2010-01-03 16:39:22 ----RD---- C:\Program Files

2010-01-03 16:39:09 ----D---- C:\WINDOWS\system32

2010-01-03 16:38:33 ----D---- C:\Program Files\Java

2010-01-03 16:34:26 ----D---- C:\Program Files\Common Files

2010-01-03 16:24:05 ----D---- C:\Program Files\Common Files\Adobe

2010-01-03 16:23:22 ----D---- C:\Program Files\Adobe

2010-01-03 16:14:23 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-03 16:03:55 ----D---- C:\Program Files\EA GAMES

2009-12-28 13:16:27 ----HD---- C:\WINDOWS\inf

2009-12-28 13:16:23 ----D---- C:\WINDOWS

2009-12-28 13:00:27 ----RSD---- C:\WINDOWS\assembly

2009-12-28 12:57:00 ----D---- C:\WINDOWS\Microsoft.NET

2009-12-28 12:28:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-28 12:27:18 ----D---- C:\WINDOWS\WinSxS

2009-12-28 12:22:53 ----D---- C:\WINDOWS\system32\CatRoot

2009-12-28 12:22:19 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-12-28 12:18:40 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-28 02:03:40 ----A---- C:\WINDOWS\system.ini

2009-12-28 02:02:50 ----D---- C:\WINDOWS\system32\drivers

2009-12-28 02:01:40 ----D---- C:\WINDOWS\system32\config

2009-12-28 01:57:07 ----D---- C:\WINDOWS\AppPatch

2009-12-25 23:23:14 ----D---- C:\WINDOWS\system32\XPSViewer

2009-12-25 23:23:07 ----D---- C:\WINDOWS\system32\en-us

2009-12-25 23:22:57 ----RSD---- C:\WINDOWS\Fonts

2009-12-25 23:07:32 ----D---- C:\Program Files\Internet Explorer

2009-12-23 17:09:29 ----D---- C:\WINDOWS\system32\wbem

2009-12-23 16:51:20 ----A---- C:\WINDOWS\win.ini

2009-12-23 12:46:44 ----SD---- C:\WINDOWS\Tasks

2009-12-23 12:31:16 ----D---- C:\WINDOWS\system32\Setup

2009-12-23 02:10:22 ----D---- C:\WINDOWS\system32\Restore

2009-12-23 01:48:33 ----D---- C:\Program Files\Outlook Express

2009-12-23 01:47:05 ----D---- C:\WINDOWS\ie7updates

2009-12-22 20:48:45 ----D---- C:\WINDOWS\Help

2009-12-22 20:25:23 ----RASH---- C:\boot.ini

2009-12-22 13:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-12-22 13:31:11 ----D---- C:\WINDOWS\Debug

2009-12-22 13:31:07 ----D---- C:\WINDOWS\Minidump

2009-12-22 12:17:40 ----D---- C:\WINDOWS\msagent

2009-12-21 22:26:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-21 22:26:21 ----D---- C:\Program Files\McAfee

2009-12-21 22:26:21 ----D---- C:\Program Files\Common Files\McAfee

2009-12-21 22:26:20 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2009-12-21 22:13:16 ----D---- C:\QUARANTINE

2009-12-21 18:00:12 ----D---- C:\WINDOWS\pss

2009-12-21 13:20:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$

2009-12-15 18:54:07 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$

2009-12-14 21:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$

2009-12-11 23:33:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-12-07 19:51:27 ----SHD---- C:\WINDOWS\CSC

2009-12-06 22:25:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-11-06 9336]

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-11-06 9464]

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []

R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2006-10-06 143834]

R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2006-10-06 206464]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]

R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1406464]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-01-27 150528]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]

R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2006-10-06 30630]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-21 92550]

R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-11-15 264440]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2004-01-13 2482176]

S1 94eb0448;94eb0448; C:\WINDOWS\System32\drivers\94eb0448.sys []

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

S2 echrwbq;echrwbq; \??\C:\WINDOWS\system32\drivers\ayjdyv.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Michael\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2006-10-06 25898]

S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]

S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-11-03 226816]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-03 153376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-03 22:28:04

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

AIM 6-->C:\Program Files\AIM6\uninst.exe

AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"

ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Broadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033

Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"

Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"

Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"

Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe

Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot

HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}

HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}

Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Java SE Development Kit 6 Update 17-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160170}

K-Lite Mega Codec Pack 4.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Mouse Suite-->PMUninst.exe MouseSuite98

Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}

OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe

Pinnacle Instant DVD Recorder-->C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly

proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

RAD Video Tools-->"C:\Program Files\RADVideo\uninstall.exe"

RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe

SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

SnagIt 8-->MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}

SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}

Studio 10 Bonus DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL

Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"

Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100103-0]

======System event log======

Computer Name: HOME

Event Code: 30013

Message: The DHCP allocator has disabled itself on IP address 192.168.1.2,

since the IP address is outside the 192.168.0.0/255.255.255.0 scope

from which addresses are being allocated to DHCP clients.

To enable the DHCP allocator on this IP address,

please change the scope to include the IP address,

or change the IP address to fall within the scope.

Record Number: 24

Source Name: ipnathlp

Time Written: 20091216160019.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 7000

Message: The Automatic Updates service failed to start due to the following error:

The system cannot find the file specified.

Record Number: 8

Source Name: Service Control Manager

Time Written: 20091216155857.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 49

Message: Configuring the Page file for crash dump failed. Make sure there is a page

file on the boot partition and that is large enough to contain all physical

memory.

Record Number: 6

Source Name: Ftdisk

Time Written: 20091216155832.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 45

Message: The system could not sucessfully load the crash dump driver.

Record Number: 5

Source Name: Ftdisk

Time Written: 20091216155832.000000-300

Event Type: error

User:

Computer Name: HOME

Event Code: 4

Message: Broadcom 570x Gigabit Integrated Controller #2: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 4

Source Name: b57w2k

Time Written: 20091216155832.000000-300

Event Type: warning

User:

=====Application event log=====

Computer Name: HOME

Event Code: 0

Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.

If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 49

Source Name: System.ServiceModel.Install 3.0.0.0

Time Written: 20091225232330.000000-300

Event Type: warning

User:

Computer Name: HOME

Event Code: 1020

Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 32

Source Name: ASP.NET 2.0.50727.0

Time Written: 20091225231435.000000-300

Event Type: warning

User:

Computer Name: HOME

Event Code: 1517

Message: Windows saved user HOME\Michael registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 17

Source Name: Userenv

Time Written: 20091224135951.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: HOME

Event Code: 1524

Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 16

Source Name: Userenv

Time Written: 20091224135948.000000-300

Event Type: warning

User: HOME\Michael

Computer Name: HOME

Event Code: 2002

Message: The MOF file created for the Outlook service could not be loaded. The

error code returned by the MOF Compiler is contained in the Record Data.

Before the performance counters of this service can be collected by WMI

the MOF file will need to be loaded manually. Contact the vendor of this

service for additional information.

Record Number: 4

Source Name: LoadPerf

Time Written: 20091223170929.000000-300

Event Type: warning

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=0905

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Link to post
Share on other sites

Hi

Thanks for that. How are things running now?

COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    File::
    C:\WINDOWS\System32\drivers\94eb0448.sys
    C:\WINDOWS\system32\drivers\ayjdyv.sys

    Driver::
    94eb0448
    echrwbq


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Link to post
Share on other sites

Things have been running much smoother, thanks.

By the way a message appeared before I ran combofix saying that it had expired. I decided not to do any updates or anything because I didn't know if tat would interfere with your script. Don't know if that matters or not.

ComboFix 09-12-26.05 - Michael 01/05/2010 22:34:28.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.615 [GMT -5:00]

Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

"c:\windows\System32\drivers\94eb0448.sys"

"c:\windows\system32\drivers\ayjdyv.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\System32\drivers\94eb0448.sys

.

---- Previous Run -------

.

c:\documents and settings\Michael\Application Data\LimeWire\active.mojito

c:\documents and settings\Michael\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\auth.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\caps.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\composer.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\directory.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\editor.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\find.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\intl.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jar.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\locale.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\places.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\pref.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\profile.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\storage.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\update.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\widget.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\crashreporter.ini

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\dependentlibs.list

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.chk

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\freebl3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\all.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\js3250.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\LICENSE

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\debug.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\utils.js

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctl.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\mozctlx.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\msvcr71.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\nspr4.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\nss3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\nssckbi.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\nssutil3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\platform.ini

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\plc4.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\plds4.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\README.txt

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrow.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\designmode.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\forms.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\grabber.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\html\folder.png

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\language.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\mathml.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\quirk.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\svg.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\ua.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\viewsource.css

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\smime3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.chk

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\softokn3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\sqlite3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\ssl3.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\updater.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\version.properties

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcom.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpcshell.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpidl.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xpt_link.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xul.dll

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe

c:\documents and settings\Michael\Application Data\LimeWire\browser\xulrunner\xulrunner.exe

c:\documents and settings\Michael\Application Data\LimeWire\certificate\limewire.keystore

c:\documents and settings\Michael\Application Data\LimeWire\createtimes.cache

c:\documents and settings\Michael\Application Data\LimeWire\downloads.dat

c:\documents and settings\Michael\Application Data\LimeWire\fileurns.bak

c:\documents and settings\Michael\Application Data\LimeWire\fileurns.cache

c:\documents and settings\Michael\Application Data\LimeWire\filters.props

c:\documents and settings\Michael\Application Data\LimeWire\gnutella.net

c:\documents and settings\Michael\Application Data\LimeWire\installation.props

c:\documents and settings\Michael\Application Data\LimeWire\library.dat

c:\documents and settings\Michael\Application Data\LimeWire\library5.dat

c:\documents and settings\Michael\Application Data\LimeWire\limewire.props

c:\documents and settings\Michael\Application Data\LimeWire\mojito.props

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\.autoreg

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\cert8.db

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\compreg.dat

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\cookies.sqlite

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\downloads.sqlite

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.cache

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\extensions.ini

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\history.dat

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\key3.db

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\permissions.sqlite

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite-journal

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\places.sqlite

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\pluginreg.dat

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\prefs.js

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\secmod.db

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\XPC.mfl

c:\documents and settings\Michael\Application Data\LimeWire\mozilla-profile\xpti.dat

c:\documents and settings\Michael\Application Data\LimeWire\promotion\promodb.backup

c:\documents and settings\Michael\Application Data\LimeWire\promotion\promodb.data

c:\documents and settings\Michael\Application Data\LimeWire\promotion\promodb.properties

c:\documents and settings\Michael\Application Data\LimeWire\promotion\promodb.script

c:\documents and settings\Michael\Application Data\LimeWire\questions.props

c:\documents and settings\Michael\Application Data\LimeWire\responses.cache

c:\documents and settings\Michael\Application Data\LimeWire\simpp.xml

c:\documents and settings\Michael\Application Data\LimeWire\spam.dat

c:\documents and settings\Michael\Application Data\LimeWire\tables.props

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme.lwtp

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\01_star.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\02_star.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\03_star.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\04_star.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\05_star.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\chat.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_dn.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\forward_up.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\kill.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\kill_on.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\logo.png

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\notsearching.png

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_dn.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\pause_up.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\play_dn.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\play_up.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\question.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\rewind_up.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\searching.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_dn.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\stop_up.gif

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\theme.txt

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\version.txt

c:\documents and settings\Michael\Application Data\LimeWire\themes\windows_theme\warning.gif

c:\documents and settings\Michael\Application Data\LimeWire\ttdata.cache

c:\documents and settings\Michael\Application Data\LimeWire\ttrees.cache

c:\documents and settings\Michael\Application Data\LimeWire\ttroot.cache

c:\documents and settings\Michael\Application Data\LimeWire\version.xml

c:\documents and settings\Michael\Application Data\LimeWire\version.xml46005tmp

c:\documents and settings\Michael\Application Data\LimeWire\versions.props

c:\documents and settings\Michael\Application Data\LimeWire\xml\data\audio.sxml3

c:\documents and settings\Michael\Application Data\LimeWire\xml\data\video.sxml3

c:\windows\system32\drivers\kkdrdgafkfip.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_KLIF

-------\Service_KLIF

-------\Legacy_kkdrdgafkfip

-------\Service_kkdrdgafkfip

((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))

.

2010-01-04 17:43 . 2010-01-04 17:43 -------- d-----w- c:\documents and settings\Michael\Application Data\ISIS Drivers

2010-01-04 17:41 . 2010-01-04 17:41 -------- d-----w- c:\windows\PIXTRAN

2010-01-04 17:41 . 2010-01-04 17:41 -------- d-----w- c:\program files\BrownTech

2010-01-03 21:39 . 2010-01-03 21:39 -------- d-----w- c:\program files\Sun

2010-01-03 21:39 . 2010-01-03 21:38 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-12-26 04:19 . 2009-12-26 04:22 -------- d-----w- C:\66fcef5f41913d453d44adb667c63a

2009-12-24 15:57 . 2009-12-24 15:57 -------- d-----w- c:\documents and settings\HelpAssistant\Pavark

2009-12-24 04:41 . 2009-12-24 04:41 -------- d-----w- C:\rsit

2009-12-23 22:43 . 2009-12-23 22:43 -------- d-----w- c:\program files\Trend Micro

2009-12-23 21:38 . 2009-12-23 21:51 -------- d-----w- c:\documents and settings\Michael\Pavark

2009-12-23 06:56 . 2009-12-23 06:56 -------- d-----w- c:\windows\ServicePackFiles

2009-12-23 03:27 . 2009-12-28 07:02 88864 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-12-23 03:27 . 2009-12-28 07:02 1387040 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-12-23 03:09 . 2009-12-23 17:52 -------- d-----w- c:\program files\Common Files\ParetoLogic

2009-12-23 03:09 . 2009-12-23 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-12-23 03:08 . 2009-12-23 03:08 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Downloaded Installations

2009-12-22 18:29 . 2009-12-22 18:29 -------- d-----w- c:\program files\CCleaner

2009-12-22 03:19 . 2009-12-22 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-12-21 20:37 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-12-21 20:37 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-12-21 20:37 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-12-21 20:37 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-12-21 20:37 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-12-21 20:37 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-12-21 20:37 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-12-21 20:37 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-12-21 20:36 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-12-21 20:36 . 2009-12-21 20:36 -------- d-----w- c:\program files\Alwil Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-06 03:31 . 2008-03-02 20:02 79032 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-03 21:38 . 2005-07-01 14:59 -------- d-----w- c:\program files\Java

2010-01-03 21:24 . 2006-10-06 22:11 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-03 21:03 . 2008-03-15 20:00 -------- d-----w- c:\program files\EA GAMES

2009-12-28 07:02 . 2009-12-23 03:27 9404 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-12-28 07:02 . 2009-12-23 03:27 19652 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-12-23 03:32 . 2009-12-23 03:32 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2009-12-22 18:57 . 2007-09-01 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-12-22 03:26 . 2008-03-02 19:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-12-22 03:26 . 2009-12-05 19:45 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-12-22 03:26 . 2008-03-02 17:01 -------- d-----w- c:\program files\McAfee

2009-12-22 03:26 . 2008-03-02 17:01 -------- d-----w- c:\program files\Common Files\McAfee

2009-12-22 03:26 . 2008-03-02 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-12-15 22:11 . 2009-12-05 19:48 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-07 03:25 . 2009-06-03 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-07 03:25 . 2009-11-10 00:35 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-05 19:47 . 2009-12-05 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-05 19:45 . 2009-12-05 19:45 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com

2009-12-05 05:15 . 2009-12-05 05:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2009-12-03 21:14 . 2009-06-03 18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 21:13 . 2009-06-03 18:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-11 17:24 . 2009-11-11 16:55 124339 ----a-w- c:\windows\HPHins12.dat

2009-11-11 17:21 . 2009-11-11 17:19 -------- d-----w- c:\program files\Common Files\HP

2009-11-11 17:20 . 2009-06-06 02:34 -------- d-----w- c:\program files\HP

2009-11-11 17:20 . 2009-11-11 17:20 -------- d-----w- c:\program files\Hewlett-Packard

2009-11-11 02:23 . 2009-11-11 02:23 -------- d-----w- c:\program files\7-Zip

2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll

2009-10-29 07:46 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-10-21 06:00 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:00 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe

2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:53 . 2004-08-04 12:00 266752 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:54 . 2004-08-04 12:00 112128 ----a-w- c:\windows\system32\rastls.dll

.

Link to post
Share on other sites

((((((((((((((((((((((((((((( SnapShot@2009-12-23_20.45.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-03 21:45 . 2010-01-03 21:45 16384 c:\windows\temp\Perflib_Perfdata_d4.dat

+ 2010-01-03 21:45 . 2010-01-03 21:45 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat

+ 2006-10-06 21:22 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe

- 2006-10-06 21:22 . 2007-07-27 15:41 26488 c:\windows\system32\spupdsvc.exe

+ 2007-08-26 23:34 . 2008-07-06 12:06 89088 c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

+ 2007-05-11 16:22 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll

- 2007-05-11 16:22 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll

+ 2008-07-30 00:59 . 2008-07-30 00:59 43544 c:\windows\system32\PresentationHostProxy.dll

+ 2008-06-09 19:25 . 2008-06-09 19:25 95640 c:\windows\system32\PIXTREEN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 95640 c:\windows\system32\PIXTAGN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 50576 c:\windows\system32\PIXSLN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 50584 c:\windows\system32\PIXRAMN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 58784 c:\windows\system32\PIXPERMN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 58776 c:\windows\system32\PIXPANN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 79256 c:\windows\system32\PIXNAMEN.DLL

+ 2008-06-09 19:23 . 2008-06-09 19:23 51712 c:\windows\system32\PIXN20.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 50576 c:\windows\system32\PIXMPN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 50584 c:\windows\system32\PIXMDLGN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 83360 c:\windows\system32\PIXLOCN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 75160 c:\windows\system32\PIXDLGN.DLL

+ 2008-06-09 19:24 . 2008-06-09 19:24 99744 c:\windows\system32\PIXAPS.DLL

+ 2004-08-04 12:00 . 2009-12-28 17:28 72306 c:\windows\system32\perfc009.dat

+ 2008-07-25 16:17 . 2008-07-25 16:17 15360 c:\windows\system32\mui\0409\mscorees.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 15360 c:\windows\system32\mui\0409\mscorees.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 83968 c:\windows\system32\mscories.dll

+ 2008-07-30 00:24 . 2008-07-30 00:24 97800 c:\windows\system32\infocardapi.dll

+ 2008-07-30 00:24 . 2008-07-30 00:24 11264 c:\windows\system32\icardres.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 75776 c:\windows\system32\dllcache\strmfilt.dll

+ 2004-08-04 12:00 . 2009-10-21 06:00 75776 c:\windows\system32\dllcache\strmfilt.dll

+ 2004-08-04 12:00 . 2009-10-21 06:00 25088 c:\windows\system32\dllcache\httpapi.dll

+ 2006-10-14 20:43 . 2008-07-06 12:06 89088 c:\windows\system32\dllcache\filterpipelineprintproc.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 96760 c:\windows\system32\dfshim.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 96760 c:\windows\system32\dfshim.dll

+ 2008-07-30 04:40 . 2008-07-30 04:40 70648 c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

+ 2008-07-30 04:40 . 2008-07-30 04:40 91136 c:\windows\Microsoft.NET\Framework\v3.5\MSBuild.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll

+ 2008-07-30 04:40 . 2008-07-30 04:40 40960 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 89080 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 92664 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 95224 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 89592 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 84480 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 94720 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 97792 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 84992 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll

+ 2008-07-29 23:47 . 2008-07-29 23:47 97280 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 95224 c:\windows\Microsoft.NET\Framework\v3.5\EdmGen.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 78856 c:\windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe

+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe

+ 2008-07-30 02:10 . 2008-07-30 02:10 46104 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

+ 2008-07-30 00:59 . 2008-07-30 00:59 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

- 2007-10-09 17:58 . 2007-10-09 17:58 32768 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll

+ 2008-07-30 02:10 . 2008-07-30 02:10 71160 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll

+ 2008-07-30 00:32 . 2008-07-30 00:32 17448 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe

+ 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

- 2007-10-11 14:55 . 2007-10-11 14:55 32768 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll

+ 2008-07-30 00:16 . 2008-07-30 00:16 73728 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll

+ 2008-07-30 00:16 . 2008-07-30 00:16 20504 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll

+ 2008-07-30 00:16 . 2008-07-30 00:16 11280 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 37896 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 16:17 . 2008-07-25 16:17 81400 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 57392 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 95232 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 88584 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 24584 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 31744 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 77312 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 94208 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 46592 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 97792 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 65032 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 77824 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 18936 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 62968 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 35320 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 27136 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 80376 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 89608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2008-11-25 09:59 . 2008-11-25 09:59 31560 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 34312 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 33288 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 33800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 17416 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 22024 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2008-07-25 16:17 . 2008-07-25 16:17 58880 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 98808 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 96768 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 16896 c:\windows\Microsoft.NET\Framework\SharedReg12.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 16896 c:\windows\Microsoft.NET\Framework\sbscmp10.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 82944 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2009-12-26 04:14 . 2009-12-26 04:14 88576 c:\windows\Installer\6a6ab.msi

+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\1a25a1.msp

+ 2009-12-24 15:49 . 2009-12-24 15:49 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2009-12-23 17:56 . 2009-12-23 17:56 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-01-04 17:41 . 2010-01-04 17:41 45056 c:\windows\Installer\{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}\ARPPRODUCTICON.exe

+ 2009-04-03 23:01 . 2009-04-03 23:01 71504 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\XL12CNVP.DLL

+ 2009-04-03 22:57 . 2009-04-03 22:57 21320 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\WRD12EXE.EXE

+ 2009-04-02 19:35 . 2009-04-02 19:35 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBPROXY.DLL

+ 2009-04-02 19:35 . 2009-04-02 19:35 68496 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\PXBCOM.EXE

+ 2009-12-26 04:19 . 2008-07-06 12:06 89088 c:\windows\Driver Cache\i386\filterpipelineprintproc.dll

+ 2009-12-28 17:31 . 2009-12-28 17:31 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll

+ 2009-12-28 18:00 . 2009-12-28 18:00 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll

+ 2009-12-28 17:59 . 2009-12-28 17:59 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll

+ 2009-12-28 17:58 . 2009-12-28 17:58 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-12-28 17:58 . 2009-12-28 17:58 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll

+ 2009-12-28 17:30 . 2009-12-28 17:30 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe

+ 2009-12-28 17:31 . 2009-12-28 17:31 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll

+ 2009-12-28 17:59 . 2009-12-28 17:59 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll

+ 2009-12-28 17:31 . 2009-12-28 17:31 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll

+ 2009-12-28 17:31 . 2009-12-28 17:31 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll

+ 2009-12-28 17:58 . 2009-12-28 17:58 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll

+ 2009-12-28 17:57 . 2009-12-28 17:57 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

+ 2009-12-28 17:31 . 2009-12-28 17:31 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

+ 2009-12-26 04:23 . 2009-12-26 04:23 94208 c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2009-12-26 04:23 . 2009-12-26 04:23 98304 c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2009-12-26 04:23 . 2009-12-26 04:23 40960 c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 12288 c:\windows\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2009-12-26 04:25 . 2009-12-26 04:25 61440 c:\windows\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll

+ 2009-12-28 17:26 . 2009-12-28 17:26 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-12-26 04:25 . 2009-12-26 04:25 32768 c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll

+ 2009-12-26 04:25 . 2009-12-26 04:25 77824 c:\windows\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll

- 2008-03-02 18:55 . 2008-03-02 18:55 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-12-26 04:22 . 2009-12-26 04:22 32768 c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2009-12-26 04:22 . 2009-12-26 04:22 73728 c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2009-12-28 17:26 . 2009-12-28 17:26 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 53248 c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 57344 c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 45056 c:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2009-12-26 04:23 . 2009-12-26 04:23 46104 c:\windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe

+ 2009-12-26 04:22 . 2009-12-26 04:22 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

- 2008-03-02 18:55 . 2008-03-02 18:55 32768 c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 41984 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 94208 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll

+ 2009-12-26 04:24 . 2009-12-26 04:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2009-12-23 06:43 . 2009-12-23 06:43 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-12-28 17:27 . 2009-12-28 17:27 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2008-07-30 04:40 . 2008-07-30 04:40 5632 c:\windows\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2008-07-25 16:16 . 2008-07-25 16:16 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 6656 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2007-10-24 06:47 . 2007-10-24 06:47 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2008-07-25 16:17 . 2008-07-25 16:17 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2008-07-25 16:16 . 2008-07-25 16:16 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

- 2007-10-24 06:47 . 2007-10-24 06:47 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2009-12-