Page 8 of 9 FirstFirst ... 456789 LastLast
Results 71 to 80 of 82

Thread: win32/vundo and others

  1. #71
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    Ken

    I ran the SUPERAntiSpyware as suggested. It turned up quite a lot. Most were tracking cookies, but there were 4 registry items 2 of which were unknown...I had to restart the computer as you said, but unfortunately the computer just hung and would not restart. I had to pull the plug. When I restarted and went to retrive the log file there was nothing there. CA Antivirus was running in the background and during the scan also turned up 6 positives, not sure if they were related to the ongoing scan.

    I'm running another SUPERAntiSpyware scan now (the last one took 2 hours) and if I can I'll post a log along with a HJT log....not sure if there was still something remaining that was causing the restart to "hang", but it did look as if the last scan got deep.

    I'll post again as soon as this is done.

    Mark

  2. #72
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/01/2009 at 09:34 PM

    Application Version : 4.26.1000

    Core Rules Database Version : 3816
    Trace Rules Database Version: 1770

    Scan type : Complete Scan
    Total Scan Time : 01:40:56

    Memory items scanned : 528
    Memory threats detected : 0
    Registry items scanned : 4827
    Registry threats detected : 1
    File items scanned : 25050
    File threats detected : 12

    Adware.Tracking Cookie
    C:\Documents and Settings\Visitor\Cookies\visitor@ad.yieldmanager[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@dynamic.media.adrevolver[2].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@media.adrevolver[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@bs.serving-sys[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@adrevolver[2].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@2o7[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@questionmarket[2].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@doubleclick[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@statcounter[1].txt
    C:\Documents and Settings\Visitor\Cookies\visitor@serving-sys[1].txt

    Rogue.Component/Trace
    HKU\S-1-5-21-3171877675-2738174297-3010523710-1010\Software\Microsoft\FIAS4051

    Adware.Vundo/Variant-MSFake
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP365\A0066484.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP365\A0066485.EXE


    Less data than the original, but hopefully we are getting there.


    HJT log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:54:06 PM, on 4/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\cfgmng32.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\mdmcls32.exe
    C:\WINDOWS\System32\svchost.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [PNdMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [PNoundMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: MA111 Configuration Utility.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 9204 bytes


    Mark

  3. #73
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Mark,

    You never uploaded this file to VT .

    You need to enable windows to show all files and folders, instructions Here


    Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

    c:\windows\SYSTEM32\DRIVERS\c1002347.sys






    Download GMER's application from here:
    http://www.gmer.net/gmer.zip

    Unzip it and start the GMER.exe
    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.
    This will copy the results to your clipboard.
    Paste the results in your next reply.






    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #74
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    That was the file that the CA tech sent there and deleted...

    "Ken

    Spent 1 1/2 hours on phone with CA malware specialist...the file you asked me to check was the one that he did exactly that with and deleted it. "


    I guess its back. I'll do same and post back

    Mark

  5. #75
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    GMER I have already...the CA guy downloaded it. Should I delete and install a fresh version?

  6. #76
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    We never discussed what file the tech told you to delete and I noticed that you never uploaded it to VT. It may not be back, wont know until you run GMER ( no need to update) and run RSIT
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #77
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    Ken

    I was running that last scan all day and it hadnt completed when I got a call from CA. Long story short this guy got it. The Virus was in a folder that looked legitimate.

    He removed or disabled the warning red cross on the toolbar and then opened the contaminated folder which automatically put the alert back out there. He deleted the folder and everything looks ok. The virus did cause some damage to the settings tabs as we discussed previously, and I have lost my task manager (not sure how to get that back). As a result of deleting the folder I lost sound on the pc but he warned me that may happen and I think it is just a case of downloading the driver from Dell.

    This was the first time he has seen one like this, that looked so legitimate.

    For your information and anyone else out there that may get a similar issue the virus was here:

    Program Files/Analog Devices/SoundMax/PNSmax4PNP.htm

    Ken I want to thankyou for all the time and effort that you put into this case, I am very appreciative of the job that you and your colleages do in trying to help us non-tech savvy folk in our times of need.

    As a last thing, is there a scan that you would recommend to run to just make sure everything looks fine? The one I was doing this morning was running all day and showed no signs of ending....should I restart that one, or would something more simple do?

    Thanks

    Mark

  8. #78
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Mark,

    Cant believe that file is bad, but these dirtbags that write this stuff always try and elude legit files.

    Run RSIT, its a quick scan.

    Let me look at it and then I can link you to some windows forums that can help you with windows problems.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #79
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    wow that was really quick Ken....must have run all of 10 seconds.

    log posted below:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Visitor at 2009-04-02 22:10:43
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 7 GB (9%) free of 73 GB
    Total RAM: 2046 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:55 PM, on 4/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\cfgmng32.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mdmcls32.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Visitor\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Visitor.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [PNdMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [PNoundMAX\PNSMax4PNP] C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [CF1DelUnicows] cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\unicows.dll
    O4 - HKCU\..\RunOnce: [CF1DelEXE] cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe
    O4 - HKCU\..\RunOnce: [CF1DelMsvcr] cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\msvcr71.dll
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: MA111 Configuration Utility.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 9444 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-09-05 816400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-20 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
    AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-29 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-29 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-09-05 816400]
    {61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe []
    "IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
    "PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
    "MMTray"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe [2005-03-15 135168]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
    "Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-04-30 180269]
    "mmtask"=C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [2005-03-15 53248]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-03-14 257088]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
    "Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
    "cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-01-23 181488]
    "dvHighMem"=C:\WINDOWS\cfgmng32.exe [2007-11-14 11333632]
    "CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]
    "PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
    "PNSMax4PNP"=C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe []
    "PNdMAX\PNSMax4PNP"=C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe []
    "PNoundMAX\PNSMax4PNP"=C:\Program Files\Analog Devices\SoundMAX\PNSMax4PNP.exe []
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-29 148888]
    "SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "AIM"=C:\Program Files\AIM\aim.exe [2004-12-08 67160]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "CF1DelUnicows"=cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\unicows.dll []
    "CF1DelEXE"=cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe []
    "CF1DelMsvcr"=cmd /C del C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\msvcr71.dll []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispAppearancePage"=1
    "NoDispSettingsPage"=1
    "NoDispCPL"=0
    "NoDispScrSavPage"=0
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableTaskMgr"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoActiveDesktopChanges"=00000000
    "NoActiveDesktop"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "HonorAutoRunSetting"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Disabled:bfvietnam"
    "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\RALINK\Common\ApUI.exe"="C:\Program Files\RALINK\Common\ApUI.exe:*:Enabled:Ralink Wireless Access Point Utility"
    "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe:*:Enabled:ISafe"
    "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-04-02 22:10:43 ----D---- C:\rsit
    2009-04-01 19:49:27 ----D---- C:\Documents and Settings\Visitor\Application Data\SUPERAntiSpyware.com
    2009-04-01 17:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-01 17:34:15 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-04-01 17:33:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-04-01 08:48:19 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-04-01 08:48:18 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-04-01 08:48:18 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-04-01 08:48:17 ----A---- C:\WINDOWS\system32\VACFix.exe
    2009-04-01 08:48:17 ----A---- C:\WINDOWS\system32\404Fix.exe
    2009-04-01 08:48:16 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2009-04-01 08:48:16 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2009-04-01 08:48:16 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-04-01 08:48:16 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2009-04-01 08:48:15 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-04-01 08:48:15 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2009-04-01 08:48:15 ----A---- C:\WINDOWS\system32\dumphive.exe
    2009-04-01 08:48:14 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-04-01 08:48:14 ----A---- C:\WINDOWS\system32\Process.exe
    2009-04-01 08:32:04 ----A---- C:\WINDOWS\system32\tmp.txt
    2009-04-01 08:31:04 ----A---- C:\rapport.txt
    2009-04-01 08:07:57 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-31 15:04:48 ----A---- C:\WINDOWS\gmer.ini
    2009-03-31 15:04:42 ----A---- C:\WINDOWS\gmer_uninstall.cmd
    2009-03-31 15:04:42 ----A---- C:\WINDOWS\gmer.dll
    2009-03-31 15:04:39 ----A---- C:\WINDOWS\gmer.exe
    2009-03-31 14:51:21 ----D---- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
    2009-03-30 13:33:16 ----SHD---- C:\RECYCLER
    2009-03-30 07:38:56 ----D---- C:\_OTMoveIt
    2009-03-29 22:36:27 ----A---- C:\ComboFix.txt
    2009-03-29 22:27:18 ----D---- C:\ComboFix
    2009-03-29 19:34:03 ----AD---- C:\autorun.inf
    2009-03-29 12:24:28 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-03-29 12:24:28 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-03-29 12:24:28 ----A---- C:\WINDOWS\system32\java.exe
    2009-03-29 12:24:28 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-03-29 10:01:22 ----D---- C:\WINDOWS\temp
    2009-03-29 09:47:02 ----A---- C:\Boot.bak
    2009-03-29 09:46:54 ----RASHD---- C:\cmdcons
    2009-03-29 09:32:56 ----D---- C:\WINDOWS\ERDNT
    2009-03-29 09:29:08 ----AD---- C:\Qoobox
    2009-03-28 18:38:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-26 16:09:43 ----A---- C:\caisslog.txt.encrypt
    2009-03-26 16:09:35 ----A---- C:\caavsetupLog.txt.encrypt
    2009-03-26 16:06:05 ----A---- C:\crypt.txt
    2009-03-26 14:52:01 ----D---- C:\Documents and Settings\Visitor\Application Data\Malwarebytes
    2009-03-11 09:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 09:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-11 09:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-11 09:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

    ======List of files/folders modified in the last 1 months======

    2009-04-02 22:10:29 ----D---- C:\WINDOWS\Prefetch
    2009-04-02 17:22:23 ----D---- C:\Program Files\Mozilla Firefox
    2009-04-02 17:09:39 ----D---- C:\WINDOWS\SYSTEM32
    2009-04-02 17:09:39 ----D---- C:\WINDOWS
    2009-04-02 17:04:48 ----SD---- C:\WINDOWS\Tasks
    2009-04-02 17:02:09 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
    2009-04-02 17:00:33 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-02 16:50:35 ----RD---- C:\Program Files
    2009-04-02 16:35:11 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-04-02 08:21:03 ----D---- C:\WINDOWS\CAVTemp
    2009-04-02 08:07:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-04-01 21:45:51 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-01 17:34:39 ----SHD---- C:\WINDOWS\Installer
    2009-04-01 17:33:23 ----D---- C:\Program Files\Common Files
    2009-03-31 15:36:32 ----SD---- C:\Documents and Settings\Visitor\Application Data\Microsoft
    2009-03-30 22:27:01 ----D---- C:\Documents and Settings\Visitor\Application Data\GetRightToGo
    2009-03-30 05:06:37 ----D---- C:\WINDOWS\system32\FxsTmp
    2009-03-29 22:33:18 ----A---- C:\WINDOWS\system.ini
    2009-03-29 22:31:02 ----D---- C:\WINDOWS\AppPatch
    2009-03-29 12:24:01 ----D---- C:\Program Files\Java
    2009-03-29 09:52:14 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
    2009-03-29 09:47:02 ----RASH---- C:\BOOT.INI
    2009-03-29 09:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2009-03-29 09:14:44 ----D---- C:\Program Files\Viewpoint
    2009-03-26 16:16:04 ----D---- C:\DELL
    2009-03-25 07:46:17 ----A---- C:\WINDOWS\system32\mdmcls32.exe
    2009-03-19 19:45:14 ----A---- C:\WINDOWS\WIN.INI
    2009-03-16 12:08:37 ----D---- C:\WINDOWS\Debug
    2009-03-15 09:55:29 ----HD---- C:\WINDOWS\INF
    2009-03-12 17:15:20 ----D---- C:\Program Files\Zune
    2009-03-11 09:12:21 ----D---- C:\WINDOWS\WinSxS
    2009-03-11 06:29:33 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-08 08:47:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-10 880560]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
    R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-09-09 26352]
    R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-09-09 32240]
    R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-09-09 21104]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-03 21361]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
    R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
    R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
    R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
    R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
    R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-01-31 560896]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-10 108368]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\Visitor\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-03-31 85969]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
    S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
    S3 WlanUIB;NETGEAR 802.11b USB Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-09-29 666624]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-03-11 144696]
    R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-29 152984]
    R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
    R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
    R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-01-23 214256]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-03-14 500800]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-20 183280]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]

    -----------------EOF-----------------

  10. #80
    Member
    Join Date
    Oct 2007
    Posts
    78

    Default

    sorry to post twice but the scan produced 2 logs and I wasnt sure which one you needed

    info.txt logfile of random's system information tool 1.06 2009-04-02 22:10:57

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A05B328-35EB-4CED-B16F-62FA5A2642E6}\setup.exe" -l0x9 IfYouSeeThisAlowOnlyRemove -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
    ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
    Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
    Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
    Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
    Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Battlefield Vietnam(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
    Battlefield Vietnam: WW2 Mod-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x9
    CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
    CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
    Costco Photo Organizer-->MsiExec.exe /X{008739FA-4232-45BE-A58B-00B1C6998BFD}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
    Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
    Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    Finale NotePad 2006-->C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2006\uninstal.log
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
    Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Harry Potter and the Prisoner of Azkaban(TM)-->C:\Program Files\EA GAMES\Harry Potter and the Prisoner of Azkaban(TM)\EAUninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) 537EP V9x DFV PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DFV PCI Modem"
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
    Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
    iTunes-->MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
    Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
    Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    MA111 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B35E04CF-3A12-4F91-9981-ECF1915BCE76}\Setup.exe" -l0x9
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
    Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
    Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
    Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
    PunkBuster for Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
    PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
    QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe -runfromtemp -l0x0009 -removeonly
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
    SpongeBob SquarePants - The Movie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B98D958E-9E59-43B7-B47F-043D45D73EE6}\setup.exe" -l0x9 -uninst
    Stronghold Crusader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0x9
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    Treasure MathStorm!-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\Tmscd\Uninst\DeIsL1.isu
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Webcam 2200-->C:\Program Files\InstallShield Installation Information\{9BF745FA-1118-44D2-9362-179DA4B27AC6}\setup.exe -runfromtemp -l0x0009 -removeonly
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
    Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
    Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
    Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

    =====HijackThis Backups=====

    O4 - Startup: Deewoo.lnk = C:\WINDOWS\SYSTEM32\mcntrkdn.exe [2008-04-10]
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rwwnw64d.exe [2008-04-10]
    O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\mcntrkdn.exe DWram [2008-04-11]
    O2 - BHO: {2466f5e0-38fc-b2b8-8d34-689762611b00} - {00b11626-7986-43d8-8b2b-cf830e5f6642} - C:\WINDOWS\system32\nthunp.dll [2009-03-28]
    O2 - BHO: (no name) - {72832392-c790-4ad9-bf7e-57ec65eaaeac} - C:\WINDOWS\system32\weheyulu.dll [2009-03-28]
    O20 - AppInit_DLLs: C:\WINDOWS\system32\lujisosa.dll c:\windows\system32\mohehelo.dll nthunp.dll c:\windows\system32\havifohi.dll [2009-03-28]
    O4 - HKLM\..\Run: [CPMf73fb16e] Rundll32.exe "c:\windows\system32\havifohi.dll",a [2009-03-28]
    O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-6505427441-8421015466-729328291-4041\service.exe [2009-03-28]
    O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\de9ifv.exe [2009-03-28]
    O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\de9ifv.exe [2009-03-28]
    O4 - HKLM\..\Run: [Ufoxiporer] rundll32.exe "C:\WINDOWS\Itubade.dll",e [2009-03-28]
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file) [2009-03-28]
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe [2009-03-28]
    O4 - HKLM\..\Run: [fakukadelo] Rundll32.exe "C:\WINDOWS\system32\repeseza.dll",s [2009-03-28]
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe [2009-03-29]
    O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\de9ifv.exe [2009-03-29]
    O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\SYSTEM32\svcprs32.exe [2009-03-30]

    ======Security center information======

    AV: CA Anti-Virus

    ======System event log======

    Computer Name: SITTINGROOM
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5F36DC27-B076-4D0C-BD8C-7AEE14022193}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Record Number: 236005
    Source Name: DCOM
    Time Written: 20090329125317.000000-240
    Event Type: error
    User: NT AUTHORITY\LOCAL SERVICE

    Computer Name: SITTINGROOM
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5F36DC27-B076-4D0C-BD8C-7AEE14022193}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Record Number: 236004
    Source Name: DCOM
    Time Written: 20090329125316.000000-240
    Event Type: error
    User: NT AUTHORITY\LOCAL SERVICE

    Computer Name: SITTINGROOM
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5F36DC27-B076-4D0C-BD8C-7AEE14022193}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Record Number: 236003
    Source Name: DCOM
    Time Written: 20090329125316.000000-240
    Event Type: error
    User: NT AUTHORITY\LOCAL SERVICE

    Computer Name: SITTINGROOM
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5F36DC27-B076-4D0C-BD8C-7AEE14022193}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Record Number: 236002
    Source Name: DCOM
    Time Written: 20090329125316.000000-240
    Event Type: error
    User: NT AUTHORITY\LOCAL SERVICE

    Computer Name: SITTINGROOM
    Event Code: 10016
    Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {5F36DC27-B076-4D0C-BD8C-7AEE14022193}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

    Record Number: 236001
    Source Name: DCOM
    Time Written: 20090329125316.000000-240
    Event Type: error
    User: NT AUTHORITY\LOCAL SERVICE

    =====Application event log=====

    Computer Name: SITTINGROOM
    Event Code: 1001
    Message: Fault bucket 1015682910.

    Record Number: 40999
    Source Name: Application Hang
    Time Written: 20090104095747.000000-300
    Event Type: error
    User:

    Computer Name: SITTINGROOM
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 40998
    Source Name: Application Hang
    Time Written: 20090104095739.000000-300
    Event Type: error
    User:

    Computer Name: SITTINGROOM
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16762, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 40997
    Source Name: Application Hang
    Time Written: 20090104095739.000000-300
    Event Type: error
    User:

    Computer Name: SITTINGROOM
    Event Code: 1517
    Message: Windows saved user SITTINGROOM\Mark registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 40996
    Source Name: Userenv
    Time Written: 20090104094055.000000-300
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: SITTINGROOM
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



    Record Number: 40995
    Source Name: Userenv
    Time Written: 20090104094055.000000-300
    Event Type: warning
    User: SITTINGROOM\Mark

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •