Help

W

whytechocolate

New member
My pc kept coming up with virus's and asked if I wanted to remove I clicked yes then eventually I tried to do A SYSTEM RESTORE AND IT SAID IT WAS DISABLED BY administrator. task manager wouldn't work and eventualy it shut down my pc i do have a list of some of the virus i think but i couldn't do anything with my pc so i did system restore but my anti virus is still saying i have an infection and it deletes it but comes back again this is what it says is the problem and the location

A0013989.exe
C:\System Volume Information\_restore{91895B5D-69AB-4CF4-8991-869FF3F62C0A}\RP125\

A0013990.exe
C:\System Volume Information\_restore{91895B5D-69AB-4CF4-8991-869FF3F62C0A}\RP125\

A0013991.exe

A0013992.exe




I did the hi jack thing and here is the log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:17 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Reg Tool\Reg Tool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7656 bytes
 
Hi,

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
 
log files pt 1

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bonnie at 2009-09-22 09:53:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 149 GB (62%) free of 238 GB
Total RAM: 2559 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:28 AM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bonnie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\RunOnce: [ccube_TrustList] "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /trustlist
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Bonnie at 6 46 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]
"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-09-16 177392]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2009-09-16 14088]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-09-16 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2009-09-18 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2009-09-18 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2009-09-18 259312]
""= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ccube_TrustList"=C:\Program Files\CA\CA Internet Security Suite\caunst.exe [2009-09-16 529648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-08-10 251264]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]
"Road Runner PhotoShow Media Manager"=C:\PROGRA~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe [2008-05-09 361976]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-22 09:53:17 ----D---- C:\rsit
2009-09-19 13:48:09 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-09-19 13:42:39 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-19 13:42:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-19 13:42:38 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-19 13:42:38 ----D---- C:\234563fc4a7886848891d2c7
2009-09-19 13:30:00 ----RHD---- C:\AHCache
2009-09-18 18:59:00 ----D---- C:\Program Files\Trend Micro
2009-09-18 18:50:37 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool
2009-09-18 18:50:20 ----D---- C:\Program Files\Reg Tool
2009-09-17 11:29:04 ----D---- C:\WINDOWS\Prefetch
2009-09-16 21:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-16 21:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-16 21:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-16 21:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-16 21:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-16 21:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-16 21:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-16 21:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-16 21:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-16 21:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-16 21:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-16 21:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-16 21:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-16 21:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-16 21:20:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-16 21:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-16 21:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-16 21:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-16 21:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-16 21:17:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-16 21:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-16 21:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-16 21:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-16 21:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-16 21:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-16 21:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-16 21:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-09-16 21:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-16 21:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-16 21:11:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-16 21:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-16 21:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-16 21:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-16 21:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-16 21:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-16 21:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-16 20:15:42 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-09-16 20:14:32 ----D---- C:\Program Files\Common Files\Oberon Media
2009-09-16 20:14:31 ----D---- C:\Program Files\IncrediGames
2009-09-16 18:46:50 ----A---- C:\WINDOWS\system32\vetredir.dll
2009-09-16 18:46:50 ----A---- C:\WINDOWS\system32\isafprod.dll
2009-09-16 18:46:50 ----A---- C:\WINDOWS\system32\isafeif.dll
2009-09-16 18:46:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA
2009-09-16 17:29:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Road Runner
2009-09-16 17:27:31 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-09-16 17:27:31 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-09-16 17:27:31 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-09-16 17:27:31 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-09-16 17:26:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simple Star Shared
2009-09-16 17:26:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simple Star
2009-09-16 17:01:22 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Simple Star
2009-09-16 17:01:22 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Road Runner
2009-09-16 14:49:37 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Sun
2009-09-14 22:10:58 ----A---- C:\WINDOWS\TaxACT06.ini
2009-09-13 03:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-09-13 03:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-13 03:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-09-13 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-09-13 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-13 03:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-13 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-13 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-13 03:01:05 ----D---- C:\Program Files\MSXML 4.0
2009-09-13 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-13 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB926247$
2009-09-12 17:40:55 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-09-12 17:40:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-09-12 17:40:53 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-09-12 17:40:53 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-09-12 17:40:51 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-09-12 17:40:51 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-09-12 17:40:47 ----N---- C:\WINDOWS\system32\setupn.exe
2009-09-12 17:40:46 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\qagent.dll
2009-09-12 17:40:45 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-09-12 17:40:44 ----N---- C:\WINDOWS\system32\onex.dll
2009-09-12 17:40:42 ----N---- C:\WINDOWS\system32\napstat.exe
2009-09-12 17:40:42 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-09-12 17:40:42 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-09-12 17:40:41 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-09-12 17:40:41 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-09-12 17:40:40 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-09-12 17:40:40 ----N---- C:\WINDOWS\system32\mssha.dll
2009-09-12 17:40:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-09-12 17:40:36 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-09-12 17:40:36 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-09-12 17:40:36 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-09-12 17:40:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-09-12 17:40:32 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-09-12 17:40:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-09-12 17:40:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-09-12 17:40:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-09-12 17:40:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-09-12 17:40:31 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-09-12 17:40:29 ----A---- C:\WINDOWS\005143_.tmp
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-09-12 17:40:28 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-09-12 17:40:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-09-12 17:40:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-09-12 17:40:25 ----N---- C:\WINDOWS\system32\credssp.dll
2009-09-12 17:40:22 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-09-12 17:40:22 ----N---- C:\WINDOWS\system32\azroles.dll
2009-09-12 17:40:20 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-09-12 15:45:37 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-09-12 15:45:22 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-12 11:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-09-12 11:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-09-12 11:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-09-12 11:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-09-12 11:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-09-12 11:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-09-12 11:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-09-12 11:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-09-12 11:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-09-12 11:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-09-12 11:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-09-12 11:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-09-12 11:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-09-12 11:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-09-12 11:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-09-12 11:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-09-12 11:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-09-12 11:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-09-12 11:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-09-12 11:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-09-12 11:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-09-12 11:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-09-12 11:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-09-12 11:03:56 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-09-12 11:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-09-12 11:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-09-12 11:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-09-12 11:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-09-12 11:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-09-12 11:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-09-12 11:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-09-12 11:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-09-12 11:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-09-12 11:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-09-12 11:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-09-12 11:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-09-12 11:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-09-12 10:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-09-12 10:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-09-12 10:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-09-12 10:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-09-12 10:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-09-12 10:51:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-12 08:57:55 ----A---- C:\WINDOWS\ODBC.INI
2009-09-12 02:38:51 ----N---- C:\WINDOWS\system32\spnpinst.exe
2009-09-10 15:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2009-09-10 15:42:39 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2009-09-10 15:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2009-09-10 15:42:07 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2009-09-10 15:41:57 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2009-09-10 15:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2009-09-10 15:41:21 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-10 15:40:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-10 15:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2009-09-10 15:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2009-09-10 15:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2009-09-10 15:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2009-09-10 15:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2009-09-10 15:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP8$
2009-09-10 15:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2009-09-10 15:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2009-09-10 15:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2009-09-10 15:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2009-09-10 15:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2009-09-10 15:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2009-09-10 15:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2009-09-10 15:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2009-09-09 19:50:10 ----A---- C:\WINDOWS\system32\esent.dll
2009-09-08 16:18:28 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla
2009-09-08 09:21:59 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Yahoo!
2009-09-08 09:21:59 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-08 09:21:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2009-09-08 09:17:57 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Macromedia
2009-09-08 09:15:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM
2009-09-08 09:14:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail
2009-09-08 09:14:12 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Adobe
2009-09-08 08:49:23 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-08 08:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-08 08:48:53 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-08 08:48:53 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-08 08:48:53 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-09-08 08:48:53 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-08 08:46:41 ----A---- C:\WINDOWS\system32\wpa.bak
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wups.dll
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-09-08 08:45:29 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-09-08 08:29:32 ----D---- C:\Program Files\Broadcom
2009-09-07 18:47:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-09-07 18:37:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-09-07 18:37:33 ----A---- C:\WINDOWS\system32\irclass.dll
2009-09-07 18:37:24 ----RA---- C:\WINDOWS\SET40.tmp
2009-09-07 18:37:23 ----RA---- C:\WINDOWS\SET2E.tmp
2009-09-07 18:37:22 ----RA---- C:\WINDOWS\SET22.tmp
2009-09-07 18:30:33 ----D---- C:\$WIN_NT$.~BT
2009-09-07 18:30:33 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-09-07 18:30:32 ----D---- C:\WINDOWS\setup.pss
2009-09-07 14:54:25 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Creative
2009-09-07 14:54:20 ----A---- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000004-10031102}.BAK
2009-09-07 14:53:17 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Jasc Software Inc
2009-09-07 14:49:50 ----A---- C:\WINDOWS\Updreg.EXE
2009-09-07 14:49:50 ----A---- C:\WINDOWS\system32\SFCVRT32.DLL
2009-09-07 14:49:50 ----A---- C:\WINDOWS\CTRES.DLL
2009-09-07 14:49:50 ----A---- C:\WINDOWS\CTCCW.DLL
2009-09-07 14:49:50 ----A---- C:\WINDOWS\AC3API.INI
2009-09-07 14:49:49 ----A---- C:\WINDOWS\system32\INETWH32.DLL
2009-09-07 14:49:49 ----A---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-09-07 14:49:49 ----A---- C:\WINDOWS\system32\CTL3D.DLL
2009-09-07 14:49:17 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-07 14:49:14 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-09-07 14:49:14 ----A---- C:\WINDOWS\system32\Aud2_Del.ini
2009-09-07 14:49:14 ----A---- C:\WINDOWS\INRES.DLL
2009-09-07 14:49:07 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\SFMS32.DLL
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\REGPLIB.EXE
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\OPENAL32.DLL
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\KILL.INI
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\ENSDEF.INI
2009-09-07 14:49:06 ----A---- C:\WINDOWS\system32\ENSDEF.EXE
2009-09-07 14:49:06 ----A---- C:\WINDOWS\READREG.EXE
2009-09-07 14:49:06 ----A---- C:\WINDOWS\PSCONV.EXE
2009-09-07 14:49:06 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-09-07 14:49:05 ----A---- C:\WINDOWS\system32\EAXAC3.DLL
2009-09-07 14:49:05 ----A---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-09-07 14:49:05 ----A---- C:\WINDOWS\DEVREG.DLL
2009-09-07 14:49:04 ----A---- C:\WINDOWS\system32\CTSCAL.DLL
2009-09-07 14:49:04 ----A---- C:\WINDOWS\system32\ctsblfx.dll
2009-09-07 14:49:04 ----A---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-09-07 14:49:04 ----A---- C:\WINDOWS\system32\CTHELPER.EXE
2009-09-07 14:49:04 ----A---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-09-07 14:49:03 ----A---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-09-07 14:49:02 ----A---- C:\WINDOWS\system32\CTDCIFCE.DLL
2009-09-07 14:49:02 ----A---- C:\WINDOWS\system32\CTDC0001.DLL
2009-09-07 14:49:02 ----A---- C:\WINDOWS\system32\CTDC0000.DLL
2009-09-07 14:49:02 ----A---- C:\WINDOWS\system32\ctaudfx.dll
2009-09-07 14:49:02 ----A---- C:\WINDOWS\system32\CTASIO.DLL
2009-09-07 14:49:01 ----A---- C:\WINDOWS\system32\CTAGENT.DLL
2009-09-07 14:49:00 ----A---- C:\WINDOWS\system32\commonfx.dll
2009-09-07 14:49:00 ----A---- C:\WINDOWS\system32\AC3API.DLL
2009-09-07 14:49:00 ----A---- C:\WINDOWS\system32\a3d.dll
2009-09-07 14:48:52 ----A---- C:\WINDOWS\system32\ctdvda32.dll
2009-09-07 14:48:49 ----A---- C:\WINDOWS\system32\AHQCpURes.dll
2009-09-07 14:47:59 ----A---- C:\WINDOWS\SBWIN.INI
2009-09-07 14:47:48 ----A---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-09-07 14:47:48 ----A---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-09-07 14:47:48 ----A---- C:\WINDOWS\system32\CTDetres.dll
2009-09-07 14:47:45 ----A---- C:\WINDOWS\system32\CTMEDENG.DLL
2009-09-07 14:47:44 ----A---- C:\WINDOWS\system32\CTMERes.DLL
2009-09-07 14:01:46 ----D---- C:\WINDOWS\system32\FxsTmp
2009-09-07 14:01:45 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Voicemodem.txt
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\snmpmib.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\hostmib.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxssend.exe
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxsroute.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxsperf.ini
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxsmon.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxsevent.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxscom.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\evntwin.exe
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\evntcmd.exe
2009-09-07 14:01:41 ----A---- C:\WINDOWS\system32\evntagnt.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsui.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxstiff.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxst30.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxssvc.exe
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsst.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsres.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsperf.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsext32.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxscover.exe
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxscomex.dll
2009-09-07 14:01:40 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2009-09-07 14:01:38 ----A---- C:\WINDOWS\system32\fxsapi.dll
2009-09-07 13:22:17 ----A---- C:\WINDOWS\ModemLog_BCM V.90 56K Modem.txt
 
log file pt 2

2009-09-07 13:08:37 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2009-09-07 13:08:37 ----A---- C:\WINDOWS\system32\RcdScan.dll
2009-09-07 13:08:36 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-09-07 12:38:48 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\MSN6
2009-09-07 12:38:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2009-09-07 12:35:15 ----D---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Identities
2009-09-07 12:35:10 ----HD---- C:\Program Files\Uninstall Information
2009-09-07 12:35:05 ----SD---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Microsoft
2009-09-07 12:35:05 ----ASH---- C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\Application Data\desktop.ini
2009-09-07 12:34:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-07 12:23:07 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2009-09-07 12:22:43 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-07 12:22:29 ----A---- C:\WINDOWS\control.ini
2009-09-07 12:22:20 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-07 12:22:17 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-09-07 12:21:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-07 12:20:43 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-09-07 12:20:43 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-09-07 12:20:43 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-09-07 12:20:43 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-09-07 12:20:43 ----A---- C:\WINDOWS\system32\atrace.dll
2009-09-07 12:20:41 ----A---- C:\WINDOWS\system32\desktop.ini
2009-09-07 12:20:41 ----A---- C:\WINDOWS\desktop.ini
2009-09-07 12:20:37 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-09-07 12:20:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-09-07 12:20:36 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-09-07 12:20:36 ----A---- C:\WINDOWS\system32\acctres.dll
2009-09-07 12:20:35 ----A---- C:\WINDOWS\system32\inetres.dll
2009-09-07 12:20:34 ----A---- C:\WINDOWS\system32\isign32.dll
2009-09-07 12:20:34 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-09-07 12:20:34 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-09-07 12:20:34 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-09-07 12:20:34 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-09-07 12:20:29 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-09-07 12:20:26 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-09-07 12:20:26 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-09-07 12:20:26 ----A---- C:\WINDOWS\system32\srclient.dll
2009-09-07 12:20:26 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-09-07 12:20:26 ----A---- C:\WINDOWS\system32\ils.dll
2009-09-07 12:20:25 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-09-07 12:20:25 ----A---- C:\WINDOWS\system32\msconf.dll
2009-09-07 12:20:24 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-09-07 12:20:23 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-09-07 12:20:23 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-07 12:20:22 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-09-07 12:20:22 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-09-07 12:20:22 ----A---- C:\WINDOWS\system32\mstask.dll
2009-09-07 12:20:08 ----D---- C:\Program Files\ComPlus Applications
2009-09-07 12:20:07 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-07 12:20:07 ----A---- C:\WINDOWS\vb.ini
2009-09-07 12:19:43 ----HD---- C:\Program Files\WindowsUpdate
2009-09-07 12:19:36 ----A---- C:\WINDOWS\system32\write.exe
2009-09-07 12:19:31 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-07 12:19:31 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-07 12:19:31 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-09-07 12:19:30 ----A---- C:\WINDOWS\system32\winchat.exe
2009-09-07 12:19:30 ----A---- C:\WINDOWS\system32\hticons.dll
2009-09-07 12:19:30 ----A---- C:\WINDOWS\system32\avwav.dll
2009-09-07 12:19:30 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-09-07 12:19:30 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-09-07 12:19:26 ----A---- C:\WINDOWS\system32\getuname.dll
2009-09-07 12:19:26 ----A---- C:\WINDOWS\system32\charmap.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\winmine.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\sol.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\reset.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\freecell.exe
2009-09-07 12:19:25 ----A---- C:\WINDOWS\system32\calc.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\tskill.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\tscon.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\shadow.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\regini.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\msg.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\logoff.exe
2009-09-07 12:19:24 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-09-07 12:19:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-09-07 12:19:23 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-09-07 12:19:23 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-09-07 12:19:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-09-07 12:19:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\stclient.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-09-07 12:19:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-09-07 12:19:21 ----A---- C:\WINDOWS\system32\comuid.dll
2009-09-07 12:19:21 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-09-07 12:19:17 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-09-07 12:19:17 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-09-07 12:19:17 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-09-07 12:19:17 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-09-07 12:19:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-09-07 12:19:16 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\spider.exe
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-09-07 12:19:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-09-07 12:19:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-09-07 12:19:13 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-09-07 12:19:11 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-09-07 06:07:41 ----D---- C:\Program Files\Protection System
2009-09-07 05:52:44 ----D---- C:\Program Files\Windows Police Pro
2009-09-07 05:18:25 ----A---- C:\WINDOWS\system32\h323log.txt
2009-09-07 05:09:27 ----A---- C:\WINDOWS\imsins.BAK
2009-09-07 05:09:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-07 05:09:23 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-07 05:09:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-09-07 05:09:12 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-09-07 05:09:11 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2009-09-07 05:09:10 ----A---- C:\WINDOWS\system32\storprop.dll
2009-09-07 05:09:07 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2009-09-07 05:09:04 ----RA---- C:\WINDOWS\SETD.tmp
2009-09-07 05:09:04 ----RA---- C:\WINDOWS\SET7.tmp
2009-09-07 05:09:01 ----RA---- C:\WINDOWS\SET3.tmp
2009-09-07 05:08:50 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-09-07 05:08:41 ----A---- C:\WINDOWS\setuplog.txt
2009-08-26 05:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-22 07:33:35 ----D---- C:\Program Files\Mozilla Firefox
2009-09-22 05:44:14 ----SHD---- C:\WINDOWS\Installer
2009-09-22 05:44:13 ----HD---- C:\Config.Msi
2009-09-22 03:48:37 ----D---- C:\WINDOWS\SYSTEM32
2009-09-22 03:48:37 ----D---- C:\WINDOWS
2009-09-20 03:40:25 ----D---- C:\WINDOWS\temp
2009-09-20 03:39:47 ----A---- C:\caisslog.txt
2009-09-20 03:30:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-20 03:24:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-20 03:24:28 ----RSD---- C:\WINDOWS\assembly
2009-09-20 03:08:55 ----HD---- C:\WINDOWS\INF
2009-09-20 03:08:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-20 03:08:40 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-09-20 03:04:19 ----D---- C:\WINDOWS\WinSxS
2009-09-19 13:44:01 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-19 13:43:58 ----D---- C:\WINDOWS\system32\en-US
2009-09-19 13:43:54 ----RSD---- C:\WINDOWS\Fonts
2009-09-18 18:59:00 ----RAD---- C:\Program Files
2009-09-18 18:58:16 ----SD---- C:\WINDOWS\Tasks
2009-09-18 14:00:57 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-18 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-18 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-18 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-18 03:00:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-17 11:32:33 ----D---- C:\Program Files\Messenger
2009-09-17 11:28:35 ----D---- C:\WINDOWS\system32\Setup
2009-09-17 11:28:35 ----D---- C:\WINDOWS\AppPatch
2009-09-17 11:28:34 ----D---- C:\WINDOWS\system32\WBEM
2009-09-16 21:26:40 ----D---- C:\Program Files\Outlook Express
2009-09-16 21:14:01 ----D---- C:\WINDOWS\SECURITY
2009-09-16 21:03:52 ----D---- C:\Program Files\Windows Media Player
2009-09-16 21:03:51 ----D---- C:\WINDOWS\Help
2009-09-16 21:03:35 ----D---- C:\WINDOWS\network diagnostic
2009-09-16 21:03:35 ----D---- C:\WINDOWS\IME
2009-09-16 21:03:19 ----D---- C:\WINDOWS\system32\USMT
2009-09-16 21:03:18 ----D---- C:\WINDOWS\system32\scripting
2009-09-16 21:03:18 ----D---- C:\WINDOWS\l2schemas
2009-09-16 21:03:17 ----D---- C:\WINDOWS\system32\en
2009-09-16 21:03:17 ----D---- C:\WINDOWS\system32\bits
2009-09-16 21:03:17 ----D---- C:\WINDOWS\peernet
2009-09-16 21:03:16 ----D---- C:\Program Files\Movie Maker
2009-09-16 20:59:31 ----D---- C:\WINDOWS\system32\Restore
2009-09-16 20:59:31 ----D---- C:\WINDOWS\system32\NPP
2009-09-16 20:59:30 ----D---- C:\WINDOWS\MSAGENT
2009-09-16 20:59:28 ----D---- C:\WINDOWS\SRCHASST
2009-09-16 20:59:27 ----D---- C:\Program Files\NetMeeting
2009-09-16 20:59:25 ----D---- C:\WINDOWS\system32\Com
2009-09-16 20:59:22 ----D---- C:\Program Files\Windows NT
2009-09-16 20:59:18 ----D---- C:\Program Files\Common Files\System
2009-09-16 20:58:52 ----D---- C:\WINDOWS\system32\OOBE
2009-09-16 20:58:49 ----D---- C:\WINDOWS\SYSTEM
2009-09-16 20:55:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-16 20:30:20 ----D---- C:\WINDOWS\EHome
2009-09-16 20:14:32 ----D---- C:\Program Files\Oberon Media
2009-09-16 20:14:32 ----D---- C:\Program Files\Common Files
2009-09-16 18:46:52 ----A---- C:\caavsetupLog.txt
2009-09-16 18:44:24 ----D---- C:\Documents and Settings
2009-09-16 17:27:30 ----D---- C:\Program Files\Common Files\Simple Star Shared
2009-09-16 17:26:28 ----D---- C:\Program Files\Road Runner
2009-09-16 17:00:40 ----D---- C:\Program Files\Internet Explorer
2009-09-16 16:52:40 ----D---- C:\WINDOWS\WBEM
2009-09-16 16:52:31 ----D---- C:\WINDOWS\Media
2009-09-16 16:52:18 ----HDC---- C:\WINDOWS\ie8
2009-09-13 03:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-09-13 03:05:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-09-13 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-13 03:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-09-13 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953155_0$
2009-09-13 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-09-13 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-09-13 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-09-13 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-09-12 11:26:27 ----D---- C:\WINDOWS\Debug
2009-09-12 10:56:23 ----RASH---- C:\boot.ini
2009-09-12 10:56:23 ----A---- C:\WINDOWS\win.ini
2009-09-12 10:53:19 ----RD---- C:\WINDOWS\Web
2009-09-12 10:53:11 ----RASH---- C:\NTDETECT.COM
2009-09-12 09:07:24 ----D---- C:\WINDOWS\system32\Macromed
2009-09-12 09:05:27 ----D---- C:\Program Files\Microsoft Picture It! 9
2009-09-12 09:03:16 ----D---- C:\Program Files\Microsoft Streets and Trips
2009-09-12 09:02:00 ----D---- C:\Program Files\Microsoft Money
2009-09-12 08:58:17 ----D---- C:\Program Files\Microsoft Works
2009-09-12 08:57:45 ----HD---- C:\WINDOWS\ShellNew
2009-09-12 08:57:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-10 15:45:32 ----D---- C:\WINDOWS\Registration
2009-09-10 15:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2009-09-10 15:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-09-10 15:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-09-10 15:43:03 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2009-09-10 15:42:50 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2009-09-10 15:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2009-09-10 15:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2009-09-10 15:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2009-09-10 15:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2009-09-10 15:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2009-09-10 15:36:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2009-09-10 15:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2009-09-10 15:35:51 ----HDC---- C:\WINDOWS\$NtUninstallKB904706_0$
2009-09-10 15:35:42 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2009-09-10 15:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2009-09-10 15:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2009-09-10 15:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2009-09-10 15:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2009-09-08 09:22:09 ----D---- C:\Program Files\Yahoo!
2009-09-08 09:15:00 ----D---- C:\Program Files\IncrediMail
2009-09-08 08:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-09-08 08:49:33 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-09-08 08:49:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-08 08:46:59 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-07 18:53:09 ----SHD---- C:\System Volume Information
2009-09-07 18:52:41 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-07 18:37:38 ----A---- C:\WINDOWS\system.ini
2009-09-07 15:01:29 ----D---- C:\Program Files\Modem Helper
2009-09-07 14:49:48 ----D---- C:\WINDOWS\system32\Defaults
2009-09-07 14:49:14 ----D---- C:\WINDOWS\system32\Data
2009-09-07 14:44:15 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-09-07 14:44:14 ----D---- C:\Program Files\Sonic
2009-09-07 14:33:06 ----SHD---- C:\RECYCLER
2009-09-07 14:02:50 ----D---- C:\WINDOWS\system32\URTTemp
2009-09-07 14:01:41 ----D---- C:\WINDOWS\ADDINS
2009-09-07 13:29:32 ----D---- C:\WINDOWS\pss
2009-09-07 12:24:31 ----D---- C:\WINDOWS\REPAIR
2009-09-07 12:21:24 ----SD---- C:\WINDOWS\occache
2009-09-07 12:21:24 ----RD---- C:\WINDOWS\Offline Web Pages
2009-09-07 12:20:03 ----D---- C:\WINDOWS\system32\MsDtc
2009-09-07 12:19:34 ----D---- C:\WINDOWS\Cursors
2009-09-07 11:34:18 ----D---- C:\WINDOWS\TWAIN_32
2009-09-07 11:34:03 ----D---- C:\WINDOWS\system32\ICSXML
2009-09-07 11:33:37 ----D---- C:\WINDOWS\system32\IAS
2009-09-07 11:33:32 ----D---- C:\WINDOWS\system32\1033
2009-09-07 11:32:28 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 05:02:41 ----D---- C:\WINDOWS\system32\RAS
2009-09-07 05:01:12 ----D---- C:\WINDOWS\zhenghe2
2009-09-07 05:01:12 ----D---- C:\WINDOWS\XPack with Serialz
2009-09-07 05:00:55 ----D---- C:\WINDOWS\system32\NtmsData
2009-09-07 05:00:35 ----D---- C:\WINDOWS\system32\dla
2009-09-07 05:00:25 ----D---- C:\WINDOWS\system32\(app)
2009-09-07 05:00:20 ----D---- C:\WINDOWS\SierraWireless3.5.4
2009-09-07 05:00:09 ----D---- C:\WINDOWS\PHOTOCD
2009-09-07 05:00:08 ----D---- C:\WINDOWS\nview
2009-09-07 05:00:08 ----D---- C:\WINDOWS\NewSoft
2009-09-07 05:00:07 ----D---- C:\WINDOWS\My Video Downloader
2009-09-07 05:00:07 ----D---- C:\WINDOWS\MVUNINST
2009-09-07 05:00:00 ----D---- C:\WINDOWS\Java
2009-09-07 05:00:00 ----D---- C:\WINDOWS\Intelli HyperSpeed 2005
2009-09-07 04:59:45 ----HDC---- C:\WINDOWS\ie7
2009-09-07 04:59:40 ----D---- C:\WINDOWS\Full Speed
2009-09-07 04:59:34 ----D---- C:\WINDOWS\DellPCH
2009-09-07 04:59:34 ----D---- C:\WINDOWS\Cache
2009-09-07 04:59:32 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-09-07 04:59:32 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-09-07 04:59:32 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ817606$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ817287$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ814033$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ810833$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ810577$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ810565$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ329834$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ329441$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallQ329115$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961503_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-09-07 04:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-09-07 04:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2009-09-07 04:59:29 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-09-07 04:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB931768$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929338$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB928090$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-09-07 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925454_0$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925454$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2009-09-07 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB922760$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB920214$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB918899$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP10$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-09-07 04:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB916281$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB913446$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB912812$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911567$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB906569$
2009-09-07 04:59:24 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB902344$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB898458$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896688-IE6SP1-20051004.130236$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB891711$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890175_0$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB889293-IE6SP1-20041111.235619$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-09-07 04:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB888113_0$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB873376$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB871250$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB841533$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB841356$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB840987$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB840374$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB839643-DirectX9$
2009-09-07 04:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB837001$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB835732$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB828741$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB826939$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB825119$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB824141$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB824105$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB823182$
2009-09-07 04:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB821557$
2009-09-07 04:59:12 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803$
2009-09-05 10:35:19 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-09-16 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-20 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-20 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-20 135248]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-20 116000]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-03-26 823616]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-09-16 108368]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2003-07-16 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-09-16 242952]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-09-16 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
info

info.txt logfile of random's system information tool 1.06 2009-09-22 09:53:32

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Broadcom Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dream Vacation Solitaire FREE-->"C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\Uninstall.exe" "C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\install.log"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Road Runner PhotoShow 5-->"C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\Uninstall.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
TaxACT 2006-->C:\PROGRA~1\2NDSTO~1\TAXACT~4\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~4\Install.log
TaxACT Ohio 2006-->C:\PROGRA~1\2NDSTO~1\TAXACT~4\Unst06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~4\OH.log
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\install.log
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: CA Anti-Virus

======System event log======

Computer Name: BONNIE-FM4OD1WD
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 604
Source Name: SideBySide
Time Written: 20090908091522.000000-420
Event Type: error
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 603
Source Name: SideBySide
Time Written: 20090908091522.000000-420
Event Type: error
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 602
Source Name: SideBySide
Time Written: 20090908091522.000000-420
Event Type: error
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 601
Source Name: SideBySide
Time Written: 20090908091522.000000-420
Event Type: error
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 600
Source Name: SideBySide
Time Written: 20090908091522.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: BONNIE-FM4OD1WD
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Record Number: 82
Source Name: EventSystem
Time Written: 20090907184823.000000-420
Event Type: warning
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 16387
Message: Service could not be deleted

Record Number: 81
Source Name: HELPSVC
Time Written: 20090907184813.000000-420
Event Type: error
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 1517
Message: Windows saved user BONNIE-FM4OD1WD\Bonnie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 43
Source Name: Userenv
Time Written: 20090907140427.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BONNIE-FM4OD1WD
Event Code: 62
Message: WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size

Record Number: 42
Source Name: WinMgmt
Time Written: 20090907140407.000000-420
Event Type: warning
User:

Computer Name: BONNIE-FM4OD1WD
Event Code: 1031
Message:
Record Number: 34
Source Name: ASP.NET 1.0.3705.0
Time Written: 20090907140310.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
 
Hi again,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 2843
Windows 5.1.2600 Service Pack 3

9/22/2009 2:22:47 PM
mbam-log-2009-09-22 (14-22-46).txt

Scan type: Quick Scan
Objects scanned: 154767
Time elapsed: 16 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 37
Files Infected: 290

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC (Rogue.Total.Security) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Log\log_2007_04_28_20_21_07.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Log\log_2007_04_28_20_21_13.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\RegistrySmart\Log\log_2007_04_29_12_39_54.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bonnie\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01EA5861 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1893F2A5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1893FAE3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\18940A25.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\18940FA3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1895605E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1A4D22DC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1A4D23F5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1A4D2751.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1A4D27FD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1C234B26.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\1C234BE2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\2A7D8AD1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\342814C0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\ANTI_files.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcm80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcp80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcr80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\windows Police Pro.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\dbsinit.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\wispex.html (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\i3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\j3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\jj3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\l3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\pix.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\t1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\t2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\up1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\up2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w11.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\w3.jpg (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\images\wt3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Computer Scan.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Help.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Registration.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Security Center.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Settings.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Total Security.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\TSC\Update.lnk (Rogue.Total.Security) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
next

ok I did the first part of the reply now I guess you want me to do the second part i hope im doing this right and thanks for ur help
 
after restart

my anti virus came up with infections as follows
filename nyuZwEhx.exe.part
Location C:\DOCUME~1\BONNIE~1.BON\LOCALS~1\Temp\
infection win32/sillydl.prr

filename ComboFix.exe
location C:\Documents and Settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\
infection win32/sillydl.prr

ok doing second part now
 
That's why this was included:
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
Click to expand...
 
combo file

ComboFix 09-09-22.01 - Bonnie 09/22/2009 15:49.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1961 [GMT -7:00]
Running from: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\Uninst.exe
c:\recycler\S-1-5-21-3059480073-2379732719-3663899677-1007
C:\Windows Sound Scheme.EXE
c:\windows\Downloaded Program Files\Temp
c:\windows\Installer\87c9b.msp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:53 . 2009-09-22 16:53 -------- d-----w- C:\rsit
2009-09-19 20:48 . 2009-09-19 20:48 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-09-19 20:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-19 20:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-19 20:42 . 2009-09-19 20:43 -------- d-----w- C:\234563fc4a7886848891d2c7
2009-09-19 20:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-19 20:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-19 20:30 . 2009-09-19 20:30 -------- d-----r- C:\AHCache
2009-09-19 01:59 . 2009-09-19 01:59 -------- d-----w- c:\program files\Trend Micro
2009-09-19 01:50 . 2009-09-19 01:52 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool
2009-09-19 01:50 . 2009-09-19 01:58 -------- d-----w- c:\program files\Reg Tool
2009-09-18 21:00 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-18 21:00 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-17 03:15 . 2009-09-20 14:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\IncrediGames
2009-09-17 01:49 . 2009-09-17 01:48 880560 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-09-17 01:49 . 2009-09-17 01:48 108368 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-09-17 01:46 . 2007-08-20 20:38 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-09-17 01:46 . 2007-08-20 20:37 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-09-17 01:46 . 2007-08-20 20:37 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-09-17 01:46 . 2007-08-20 20:26 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-09-17 01:46 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CA
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON\LOCALS~1
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON
2009-09-16 23:54 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-16 23:52 . 2009-07-20 01:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-16 23:52 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-16 23:52 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 23:52 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-16 23:52 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 23:52 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 10:01 . 2009-09-13 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-09-12 22:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-12 22:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-12 22:46 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-12 22:46 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-12 22:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-12 22:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-12 22:46 . 2009-06-10 16:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-12 22:46 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-12 22:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-12 22:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-12 22:45 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-12 16:21 . 2009-09-20 00:55 58432 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 09:38 . 2008-04-14 12:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-09-12 09:38 . 2004-08-02 21:20 4569 ------w- c:\windows\system32\secupd.dat
2009-09-11 01:14 . 2009-09-11 01:14 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Identities
2009-09-10 02:50 . 2008-04-14 00:11 1082368 ----a-w- c:\windows\system32\esent.dll
2009-09-08 23:18 . 2009-09-08 23:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-08 23:18 . 2009-09-08 23:18 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Mozilla
2009-09-08 21:22 . 2009-09-08 21:22 -------- d-s---w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\UserData
2009-09-08 16:57 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Yahoo
2009-09-08 16:21 . 2009-09-15 21:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-08 16:21 . 2009-09-08 16:22 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Yahoo!
2009-09-08 16:21 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-09-08 16:15 . 2009-09-08 16:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:17 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail
2009-09-08 15:49 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-08 15:48 . 2008-12-16 12:30 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-09-08 15:48 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-09-08 15:48 . 2008-04-14 00:11 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-09-08 15:48 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-09-08 15:45 . 2008-10-16 21:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2009-09-08 15:45 . 2008-10-16 21:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-09-08 15:45 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-09-08 15:45 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-09-08 15:45 . 2008-04-14 00:12 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2009-09-08 15:45 . 2008-04-14 00:12 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\program files\Broadcom
2009-09-08 01:52 . 2003-07-16 20:51 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-09-08 01:52 . 2003-07-16 20:51 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-09-08 01:50 . 2008-04-14 00:09 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-08 01:47 . 2003-07-16 20:48 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2009-09-08 01:47 . 2003-07-16 20:30 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-09-08 01:47 . 2003-07-16 20:30 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2009-09-08 01:46 . 2008-04-14 00:12 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2009-09-08 01:46 . 2008-04-14 00:12 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-08 01:30 . 2009-09-08 01:30 -------- d-----w- C:\$WIN_NT$.~BT
2009-09-07 21:55 . 2009-09-22 23:00 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:55 . 2009-09-22 23:00 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:54 . 2009-09-07 21:54 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Creative
2009-09-07 21:53 . 2009-09-07 21:53 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Jasc Software Inc
2009-09-07 21:48 . 2009-09-07 21:48 184 ----a-w- c:\windows\system32\e000001.dat
2009-09-07 21:48 . 2003-03-05 19:19 15840 ----a-w- c:\windows\system32\pfmodnt.sys
2009-09-07 21:48 . 2003-01-15 18:41 77824 ----a-w- c:\windows\system32\ctdvda32.dll
2009-09-07 21:48 . 2003-01-27 23:32 831600 ----a-w- c:\windows\system32\Ctaa1.dat
2009-09-07 21:48 . 2001-05-28 20:47 12288 ----a-w- c:\windows\system32\AHQCpURes.dll
2009-09-07 21:47 . 2001-03-30 09:00 62976 ----a-w- c:\windows\system32\CTDetres.dll
2009-09-07 21:47 . 1999-12-13 08:01 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-09-07 21:47 . 1999-11-18 08:00 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2009-09-07 21:47 . 2002-02-20 09:00 331776 ----a-w- c:\windows\system32\CTMEDENG.DLL
2009-09-07 21:47 . 2000-04-20 08:00 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-09-07 21:03 . 2009-09-10 22:45 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\ApplicationHistory
2009-09-07 20:33 . 2003-08-28 23:58 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
2009-09-07 20:08 . 2002-01-09 00:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-09-07 20:08 . 2000-03-23 19:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-09-07 20:08 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-09-07 20:08 . 2001-08-22 15:42 13632 ----a-w- c:\windows\system32\drivers\omci.sys
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\MSN6
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
2009-09-07 19:23 . 2003-03-21 22:56 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-09-07 19:21 . 2009-09-19 03:34 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2009-09-07 12:16 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-07 12:16 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-07 12:16 . 2001-08-17 13:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-07 12:16 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-07 12:16 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-07 12:15 . 2001-08-17 13:28 871388 ----a-w- c:\windows\system32\drivers\BCMDM.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-09-18 21:01 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Road Runner
2009-09-17 03:14 . 2005-08-10 14:36 -------- d-----w- c:\program files\Oberon Media
2009-09-17 00:29 . 2009-09-17 00:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Road Runner
2009-09-17 00:29 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Simple Star
2009-09-17 00:27 . 2007-03-04 23:53 -------- d-----w- c:\program files\Common Files\Simple Star Shared
2009-09-17 00:27 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star Shared
2009-09-17 00:26 . 2007-03-04 23:53 -------- d-----w- c:\program files\Road Runner
2009-09-17 00:26 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star
2009-09-16 23:57 . 2009-09-12 16:21 2376 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\wklnhst.dat
2009-09-12 16:05 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Picture It! 9
2009-09-12 16:03 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Streets and Trips
2009-09-12 16:02 . 2004-02-21 16:21 -------- d-----w- c:\program files\Microsoft Money
2009-09-12 15:58 . 2004-02-21 16:20 -------- d-----w- c:\program files\Microsoft Works
2009-09-08 16:22 . 2004-02-25 20:07 -------- d-----w- c:\program files\Yahoo!
2009-09-08 16:15 . 2004-04-24 13:33 -------- d-----w- c:\program files\IncrediMail
2009-09-08 01:47 . 2009-09-07 19:20 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-07 22:01 . 2004-02-21 16:14 -------- d-----w- c:\program files\Modem Helper
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Sonic
2009-09-05 17:35 . 2004-02-21 16:07 -------- d-----w- c:\program files\Java
2009-08-31 15:18 . 2004-03-02 21:22 32022 ----a-w- c:\documents and settings\Bonnie\Application Data\wklnhst.dat
2009-08-23 04:04 . 2009-06-16 02:02 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Cabos
2009-08-16 23:55 . 2009-08-16 23:55 -------- d-----w- c:\program files\FriendFinder
2009-08-12 11:22 . 2008-03-27 13:38 -------- d-----w- c:\program files\Safari
2009-08-11 19:16 . 2009-08-11 19:16 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Profile Pimp
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-05 12:35 . 2009-08-05 12:34 -------- d-----w- c:\program files\iTunes
2009-08-05 12:34 . 2009-08-05 12:34 -------- d-----w- c:\program files\iPod
2009-08-05 12:34 . 2007-07-05 21:15 -------- d-----w- c:\program files\Common Files\Apple
2009-08-05 09:01 . 2003-07-16 20:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:22 . 2009-06-27 23:25 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Image Zone Express
2009-07-29 04:37 . 2005-10-17 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 18:33 915456 ----a-w- c:\windows\system32\wininet.dll
2007-03-07 20:09 . 2007-03-07 20:09 1009205 ----a-w- c:\program files\DVD Decrypter.rar
2007-03-07 20:09 . 2007-03-07 20:09 1168 ----a-w- c:\program files\DVD Shrink.rar
2007-03-07 20:09 . 2007-03-07 20:09 4594 ----a-w- c:\program files\DVD Wizard PRO.rar
2007-03-07 20:08 . 2007-03-07 20:08 270 ----a-w- c:\program files\Dvd-to-dvdr.rar
2007-03-07 20:06 . 2007-03-07 20:06 5166979 ----a-w- c:\program files\Dvd-cloner.rar
2007-03-07 20:02 . 2007-03-07 20:02 155292 ----a-w- c:\program files\Blaze Media Pro.rar
2007-03-07 20:01 . 2007-03-07 20:01 201 ----a-w- c:\program files\Mozilla Firefox.rar
2007-03-07 19:57 . 2007-03-07 19:57 448669 ----a-w- c:\program files\Trojan Guarder Gold Version.rar
2005-11-12 14:12 . 2005-11-12 14:00 504965506 ----a-w- c:\program files\Jasc Software Inc.rar
2005-06-07 11:08 . 2005-06-07 11:08 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-01-24 16:01 . 2005-01-24 16:01 20279785 ----a-w- c:\program files\CyberLink.PowerEncoder.MPEG4.AVC.Edition.v1.0.Merry.Xmas-ROR.rar
2005-01-24 15:41 . 2005-01-24 15:41 10618 ----a-w- c:\program files\winrar3.42reg.htm
2004-12-06 01:21 . 2004-12-06 01:21 394775 ----a-w- c:\program files\1clickcombosetup.exe
2004-10-30 05:00 . 2005-03-24 15:13 34397 ----a-w- c:\program files\PictureSorter.zip
2004-06-14 14:40 . 2004-06-14 14:40 22251292 ----a-w- c:\program files\systemmechanicpro.exe
2004-05-25 16:27 . 2004-05-25 16:27 7272960 ----a-w- c:\program files\avg6688fu_free.exe
2004-05-19 04:16 . 2004-05-19 04:16 484 ----a-w- c:\program files\file_id.diz
2004-05-19 04:16 . 2004-05-19 04:16 8251 ----a-w- c:\program files\eithel.nfo
2004-03-03 01:42 . 2004-03-03 01:42 4361 ----a-r- c:\program files\e-Lunatic.diz
2001-05-09 12:11 . 2001-05-09 12:11 31 ----a-w- c:\program files\Install-KPTGoo.txt
1999-08-18 17:42 . 1999-08-18 17:42 3704689 ----a-r- c:\program files\KPTGOO.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-05-09 361976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-09-17 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-09-17 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-09-17 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-09-22 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-09-22 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-09-22 259312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\SYSTEM32\CTASIO.DLL [2003-02-20 110592]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\Bonnie\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-12-5 24651]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 20:30 79368 ----a-w- c:\windows\SYSTEM32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\SYSTEM32\DRIVERS\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\SYSTEM32\DRIVERS\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\SYSTEM32\DRIVERS\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\SYSTEM32\DRIVERS\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 7:24 AM 801296]
R3 KmxCfg;KmxCfg;c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 6:10 PM 189704]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 7:24 AM 1010192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as Bonnie at 6 46 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredigames.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredigames.com/?loc=FF_Incredigame_AddressBar&search=
FF - plugin: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 16:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\ctagent.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\SYSTEM32\tcpsvcs.exe
c:\windows\SYSTEM32\snmp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\windows\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-09-22 16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 23:07

Pre-Run: 156,201,005,056 bytes free
Post-Run: 156,958,269,440 bytes free

367 --- E O F --- 2009-09-20 10:08
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool
c:\program files\Reg Tool
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall your current Shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new RSIT log, above mentioned ComboFix log & a description of any remaining problems
 
new log

ComboFix 09-09-23.02 - Bonnie 09/23/2009 16:00.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1754 [GMT -7:00]
Running from: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\Logs\2009-09-18 18-50-370.log
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\filelist.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-0.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-1.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-10.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-100.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-101.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-102.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-103.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-104.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-105.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-106.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-107.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-108.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-109.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-11.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-110.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-111.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-112.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-113.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-114.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-115.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-116.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-117.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-118.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-119.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-12.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-120.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-121.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-122.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-123.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-124.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-125.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-126.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-127.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-128.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-129.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-13.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-130.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-131.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-132.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-133.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-134.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-135.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-136.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-137.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-138.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-139.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-14.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-140.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-141.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-142.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-143.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-144.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-145.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-146.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-15.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-16.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-17.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-18.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-19.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-2.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-20.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-21.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-22.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-23.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-24.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-25.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-26.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-27.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-28.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-29.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-3.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-30.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-31.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-32.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-33.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-34.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-35.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-36.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-37.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-38.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-39.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-4.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-40.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-41.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-42.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-43.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-44.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-45.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-46.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-47.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-48.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-49.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-5.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-50.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-51.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-52.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-53.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-54.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-55.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-56.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-57.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-58.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-59.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-6.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-60.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-61.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-62.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-63.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-64.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-65.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-66.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-67.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-68.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-69.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-7.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-70.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-71.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-72.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-73.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-74.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-75.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-76.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-77.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-78.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-79.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-8.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-80.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-81.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-82.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-83.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-84.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-85.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-86.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-87.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-88.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-89.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-9.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-90.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-91.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-92.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-93.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-94.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-95.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-96.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-97.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-98.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\QuarantineW\2009-09-18 18-52-490\regb-99.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\Results\Evidence.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\Results\Junk.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\Results\Registry.db
c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Reg Tool\Results\Update.db
c:\program files\Reg Tool
c:\program files\Reg Tool\PW\general.html
c:\program files\Reg Tool\PW\optimizations.html
c:\program files\Reg Tool\PW\privacy.html
c:\program files\Reg Tool\PW\scheduler.html
c:\program files\Reg Tool\PW\startup.html
c:\program files\Reg Tool\PW\wizard.css

.
((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
.

2009-09-23 14:44 . 2009-09-23 14:44 -------- d-sh--w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\PrivacIE
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:53 . 2009-09-22 16:53 -------- d-----w- C:\rsit
2009-09-19 20:48 . 2009-09-19 20:48 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-09-19 20:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-19 20:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-19 20:42 . 2009-09-19 20:43 -------- d-----w- C:\234563fc4a7886848891d2c7
2009-09-19 20:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-19 20:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-19 20:30 . 2009-09-19 20:30 -------- d-----r- C:\AHCache
2009-09-19 01:59 . 2009-09-19 01:59 -------- d-----w- c:\program files\Trend Micro
2009-09-18 21:00 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-18 21:00 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-17 03:15 . 2009-09-20 14:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\IncrediGames
2009-09-17 01:49 . 2009-09-17 01:48 880560 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-09-17 01:49 . 2009-09-17 01:48 108368 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-09-17 01:46 . 2007-08-20 20:38 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-09-17 01:46 . 2007-08-20 20:37 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-09-17 01:46 . 2007-08-20 20:37 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-09-17 01:46 . 2007-08-20 20:26 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-09-17 01:46 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CA
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON\LOCALS~1
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON
2009-09-16 23:54 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-16 23:52 . 2009-07-20 01:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-16 23:52 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-16 23:52 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 23:52 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-16 23:52 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 23:52 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 10:01 . 2009-09-13 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-09-12 22:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-12 22:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-12 22:46 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-12 22:46 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-12 22:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-12 22:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-12 22:46 . 2009-06-10 16:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-12 22:46 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-12 22:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-12 22:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-12 22:45 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-12 16:21 . 2009-09-20 00:55 58432 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 09:38 . 2008-04-14 12:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-09-12 09:38 . 2004-08-02 21:20 4569 ------w- c:\windows\system32\secupd.dat
2009-09-11 01:14 . 2009-09-11 01:14 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Identities
2009-09-10 02:50 . 2008-04-14 00:11 1082368 ----a-w- c:\windows\system32\esent.dll
2009-09-08 23:18 . 2009-09-08 23:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-08 23:18 . 2009-09-08 23:18 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Mozilla
2009-09-08 21:22 . 2009-09-08 21:22 -------- d-s---w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\UserData
2009-09-08 16:57 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Yahoo
2009-09-08 16:21 . 2009-09-15 21:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-08 16:21 . 2009-09-08 16:22 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Yahoo!
2009-09-08 16:21 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-09-08 16:15 . 2009-09-08 16:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:17 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail
2009-09-08 15:49 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-08 15:48 . 2008-12-16 12:30 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-09-08 15:48 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-09-08 15:48 . 2008-04-14 00:11 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-09-08 15:48 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-09-08 15:45 . 2008-10-16 21:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2009-09-08 15:45 . 2008-10-16 21:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-09-08 15:45 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-09-08 15:45 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-09-08 15:45 . 2008-04-14 00:12 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2009-09-08 15:45 . 2008-04-14 00:12 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\program files\Broadcom
2009-09-08 01:52 . 2003-07-16 20:51 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-09-08 01:52 . 2003-07-16 20:51 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-09-08 01:50 . 2008-04-14 00:09 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-08 01:47 . 2003-07-16 20:48 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2009-09-08 01:47 . 2003-07-16 20:30 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-09-08 01:47 . 2003-07-16 20:30 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2009-09-08 01:46 . 2008-04-14 00:12 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2009-09-08 01:46 . 2008-04-14 00:12 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-08 01:30 . 2009-09-08 01:30 -------- d-----w- C:\$WIN_NT$.~BT
2009-09-07 21:55 . 2009-09-22 23:00 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:55 . 2009-09-22 23:00 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:54 . 2009-09-07 21:54 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Creative
2009-09-07 21:53 . 2009-09-07 21:53 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Jasc Software Inc
2009-09-07 21:48 . 2009-09-07 21:48 184 ----a-w- c:\windows\system32\e000001.dat
2009-09-07 21:48 . 2003-03-05 19:19 15840 ----a-w- c:\windows\system32\pfmodnt.sys
2009-09-07 21:48 . 2003-01-15 18:41 77824 ----a-w- c:\windows\system32\ctdvda32.dll
2009-09-07 21:48 . 2003-01-27 23:32 831600 ----a-w- c:\windows\system32\Ctaa1.dat
2009-09-07 21:48 . 2001-05-28 20:47 12288 ----a-w- c:\windows\system32\AHQCpURes.dll
2009-09-07 21:47 . 2001-03-30 09:00 62976 ----a-w- c:\windows\system32\CTDetres.dll
2009-09-07 21:47 . 1999-12-13 08:01 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-09-07 21:47 . 1999-11-18 08:00 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2009-09-07 21:47 . 2002-02-20 09:00 331776 ----a-w- c:\windows\system32\CTMEDENG.DLL
2009-09-07 21:47 . 2000-04-20 08:00 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-09-07 21:03 . 2009-09-10 22:45 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\ApplicationHistory
2009-09-07 20:33 . 2003-08-28 23:58 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
2009-09-07 20:08 . 2002-01-09 00:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-09-07 20:08 . 2000-03-23 19:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-09-07 20:08 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-09-07 20:08 . 2001-08-22 15:42 13632 ----a-w- c:\windows\system32\drivers\omci.sys
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\MSN6
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
2009-09-07 19:23 . 2003-03-21 22:56 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-09-07 19:21 . 2009-09-19 03:34 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2009-09-07 12:16 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-07 12:16 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-07 12:16 . 2001-08-17 13:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-07 12:16 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-07 12:16 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-07 12:15 . 2001-08-17 13:28 871388 ----a-w- c:\windows\system32\drivers\BCMDM.sys
2009-09-07 12:08 . 2009-09-07 19:24 -------- d--h--w- c:\documents and settings\Default User.WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-22 23:00 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-09-18 21:01 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Road Runner
2009-09-17 03:14 . 2005-08-10 14:36 -------- d-----w- c:\program files\Oberon Media
2009-09-17 00:29 . 2009-09-17 00:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Road Runner
2009-09-17 00:29 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Simple Star
2009-09-17 00:27 . 2007-03-04 23:53 -------- d-----w- c:\program files\Common Files\Simple Star Shared
2009-09-17 00:27 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star Shared
2009-09-17 00:26 . 2007-03-04 23:53 -------- d-----w- c:\program files\Road Runner
2009-09-17 00:26 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star
2009-09-16 23:57 . 2009-09-12 16:21 2376 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\wklnhst.dat
2009-09-12 16:05 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Picture It! 9
2009-09-12 16:03 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Streets and Trips
2009-09-12 16:02 . 2004-02-21 16:21 -------- d-----w- c:\program files\Microsoft Money
2009-09-12 15:58 . 2004-02-21 16:20 -------- d-----w- c:\program files\Microsoft Works
2009-09-08 16:22 . 2004-02-25 20:07 -------- d-----w- c:\program files\Yahoo!
2009-09-08 16:15 . 2004-04-24 13:33 -------- d-----w- c:\program files\IncrediMail
2009-09-08 01:47 . 2009-09-07 19:20 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-07 22:01 . 2004-02-21 16:14 -------- d-----w- c:\program files\Modem Helper
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Sonic
2009-09-05 17:35 . 2004-02-21 16:07 -------- d-----w- c:\program files\Java
2009-08-31 15:18 . 2004-03-02 21:22 32022 ----a-w- c:\documents and settings\Bonnie\Application Data\wklnhst.dat
2009-08-23 04:04 . 2009-06-16 02:02 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Cabos
2009-08-16 23:55 . 2009-08-16 23:55 -------- d-----w- c:\program files\FriendFinder
2009-08-12 11:22 . 2008-03-27 13:38 -------- d-----w- c:\program files\Safari
2009-08-11 19:16 . 2009-08-11 19:16 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Profile Pimp
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-05 12:35 . 2009-08-05 12:34 -------- d-----w- c:\program files\iTunes
2009-08-05 12:34 . 2009-08-05 12:34 -------- d-----w- c:\program files\iPod
2009-08-05 12:34 . 2007-07-05 21:15 -------- d-----w- c:\program files\Common Files\Apple
2009-08-05 09:01 . 2003-07-16 20:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:22 . 2009-06-27 23:25 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Image Zone Express
2009-07-29 04:37 . 2005-10-17 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 18:33 915456 ------w- c:\windows\system32\wininet.dll
2007-03-07 20:09 . 2007-03-07 20:09 1009205 ----a-w- c:\program files\DVD Decrypter.rar
2007-03-07 20:09 . 2007-03-07 20:09 1168 ----a-w- c:\program files\DVD Shrink.rar
2007-03-07 20:09 . 2007-03-07 20:09 4594 ----a-w- c:\program files\DVD Wizard PRO.rar
2007-03-07 20:08 . 2007-03-07 20:08 270 ----a-w- c:\program files\Dvd-to-dvdr.rar
2007-03-07 20:06 . 2007-03-07 20:06 5166979 ----a-w- c:\program files\Dvd-cloner.rar
2007-03-07 20:02 . 2007-03-07 20:02 155292 ----a-w- c:\program files\Blaze Media Pro.rar
2007-03-07 20:01 . 2007-03-07 20:01 201 ----a-w- c:\program files\Mozilla Firefox.rar
2007-03-07 19:57 . 2007-03-07 19:57 448669 ----a-w- c:\program files\Trojan Guarder Gold Version.rar
2005-11-12 14:12 . 2005-11-12 14:00 504965506 ----a-w- c:\program files\Jasc Software Inc.rar
2005-06-07 11:08 . 2005-06-07 11:08 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-01-24 16:01 . 2005-01-24 16:01 20279785 ----a-w- c:\program files\CyberLink.PowerEncoder.MPEG4.AVC.Edition.v1.0.Merry.Xmas-ROR.rar
2005-01-24 15:41 . 2005-01-24 15:41 10618 ----a-w- c:\program files\winrar3.42reg.htm
2004-12-06 01:21 . 2004-12-06 01:21 394775 ----a-w- c:\program files\1clickcombosetup.exe
2004-10-30 05:00 . 2005-03-24 15:13 34397 ----a-w- c:\program files\PictureSorter.zip
2004-06-14 14:40 . 2004-06-14 14:40 22251292 ----a-w- c:\program files\systemmechanicpro.exe
2004-05-25 16:27 . 2004-05-25 16:27 7272960 ----a-w- c:\program files\avg6688fu_free.exe
2004-05-19 04:16 . 2004-05-19 04:16 484 ----a-w- c:\program files\file_id.diz
2004-05-19 04:16 . 2004-05-19 04:16 8251 ----a-w- c:\program files\eithel.nfo
2004-03-03 01:42 . 2004-03-03 01:42 4361 ----a-r- c:\program files\e-Lunatic.diz
2001-05-09 12:11 . 2001-05-09 12:11 31 ----a-w- c:\program files\Install-KPTGoo.txt
1999-08-18 17:42 . 1999-08-18 17:42 3704689 ----a-r- c:\program files\KPTGOO.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_23.01.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-17 01:47 . 2009-09-23 19:02 10134 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
- 2009-09-17 01:47 . 2009-09-22 12:44 10134 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-05-09 361976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-09-17 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-09-17 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-09-17 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-09-22 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-09-22 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-09-22 259312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\SYSTEM32\CTASIO.DLL [2003-02-20 110592]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\Bonnie\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-12-5 24651]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 20:30 79368 ----a-w- c:\windows\SYSTEM32\UmxWNP.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\SYSTEM32\DRIVERS\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\SYSTEM32\DRIVERS\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\SYSTEM32\DRIVERS\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\SYSTEM32\DRIVERS\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 7:24 AM 801296]
R3 KmxCfg;KmxCfg;c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 6:10 PM 189704]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 7:24 AM 1010192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as Bonnie at 6 46 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredigames.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredigames.com/?loc=FF_Incredigame_AddressBar&search=
FF - plugin: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-09-23 16:11
ComboFix-quarantined-files.txt 2009-09-23 23:11
ComboFix2.txt 2009-09-22 23:07

Pre-Run: 157,333,204,992 bytes free
Post-Run: 157,312,360,448 bytes free

495 --- E O F --- 2009-09-20 10:08
 
eset online scanner results

C:\Documents and Settings\All Users\Documents\My Music\Incomplete\Preview-T-3045692-01 Track 1.wma WMA/TrojanDownloader.Wimad.D trojan
C:\Program Files\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\MSN Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{91895B5D-69AB-4CF4-8991-869FF3F62C0A}\RP132\A0015705.rbf a variant of Win32/Adware.ErrorRepair application
D:\zipped stuff\PROGRAMS\ud164 DISC TRIX\keygen.exe probably a variant of Win32/Agent trojan
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Files::
C:\Documents and Settings\All Users\Documents\My Music\Incomplete\Preview-T-3045692-01 Track 1.wma
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\riched20.dll
D:\zipped stuff\PROGRAMS\ud164 DISC TRIX\keygen.exe


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt log. How's the system running?
 
new log

it seems to be running btter and my anti virus isn't going crazy any more. i am realy thank ful for your help any idea How my pc got in this condition? I'm usually really careful about downloads

ComboFix 09-09-23.02 - Bonnie 09/24/2009 10:49.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1854 [GMT -7:00]
Running from: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\My Documents\Downloads\CFScript.txt
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-23 23:42 . 2009-09-23 23:42 -------- d-----w- c:\program files\ESET
2009-09-23 23:32 . 2009-09-23 23:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-09-23 14:44 . 2009-09-23 14:44 -------- d-sh--w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\PrivacIE
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-09-22 21:02 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 21:02 . 2009-09-22 21:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 16:53 . 2009-09-22 16:53 -------- d-----w- C:\rsit
2009-09-19 20:48 . 2009-09-19 20:48 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-09-19 20:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-19 20:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-19 20:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-19 20:42 . 2009-09-19 20:43 -------- d-----w- C:\234563fc4a7886848891d2c7
2009-09-19 20:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-19 20:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-19 20:30 . 2009-09-19 20:30 -------- d-----r- C:\AHCache
2009-09-19 01:59 . 2009-09-19 01:59 -------- d-----w- c:\program files\Trend Micro
2009-09-18 21:00 . 2001-08-17 20:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-18 21:00 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-09-17 03:15 . 2009-09-20 14:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-09-17 03:14 . 2009-09-17 03:14 -------- d-----w- c:\program files\IncrediGames
2009-09-17 01:49 . 2009-09-17 01:48 880560 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-09-17 01:49 . 2009-09-17 01:48 108368 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-09-17 01:46 . 2007-08-20 20:38 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-09-17 01:46 . 2007-08-20 20:38 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-09-17 01:46 . 2007-08-20 20:38 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-09-17 01:46 . 2007-08-20 20:37 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-09-17 01:46 . 2007-08-20 20:37 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-09-17 01:46 . 2007-08-20 20:26 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-09-17 01:46 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CA
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON\LOCALS~1
2009-09-17 01:44 . 2009-09-17 01:44 -------- d-----w- c:\documents and settings\BONNIE~1~BON
2009-09-16 23:54 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-16 23:52 . 2009-07-20 01:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-16 23:52 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-16 23:52 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 23:52 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-16 23:52 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 23:52 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-13 10:01 . 2009-09-13 10:01 -------- d-----w- c:\program files\MSXML 4.0
2009-09-12 22:48 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-12 22:46 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-12 22:46 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-09-12 22:46 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-09-12 22:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-12 22:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-12 22:46 . 2009-06-10 16:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-12 22:46 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-12 22:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-12 22:45 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-12 22:45 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-12 16:21 . 2009-09-20 00:55 58432 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 09:38 . 2008-04-14 12:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-09-12 09:38 . 2004-08-02 21:20 4569 ------w- c:\windows\system32\secupd.dat
2009-09-11 01:14 . 2009-09-11 01:14 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Identities
2009-09-10 02:50 . 2008-04-14 00:11 1082368 ----a-w- c:\windows\system32\esent.dll
2009-09-08 23:18 . 2009-09-08 23:18 0 ----a-w- c:\windows\nsreg.dat
2009-09-08 23:18 . 2009-09-08 23:18 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Mozilla
2009-09-08 21:22 . 2009-09-08 21:22 -------- d-s---w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\UserData
2009-09-08 16:57 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\Yahoo
2009-09-08 16:21 . 2009-09-15 21:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-08 16:21 . 2009-09-08 16:22 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Yahoo!
2009-09-08 16:21 . 2009-09-08 16:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-09-08 16:15 . 2009-09-08 16:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:17 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\IM
2009-09-08 16:14 . 2009-09-08 16:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail
2009-09-08 15:49 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-08 15:48 . 2008-12-16 12:30 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-09-08 15:48 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-09-08 15:48 . 2008-04-14 00:11 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-09-08 15:48 . 2008-04-14 00:11 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-09-08 15:45 . 2008-10-16 21:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2009-09-08 15:45 . 2008-10-16 21:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-09-08 15:45 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-09-08 15:45 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-09-08 15:45 . 2008-04-14 00:12 165888 ----a-w- c:\windows\system32\wuauclt1.exe
2009-09-08 15:45 . 2008-04-14 00:12 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2009-09-08 15:29 . 2009-09-08 15:29 -------- d-----w- c:\program files\Broadcom
2009-09-08 01:52 . 2003-07-16 20:51 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-09-08 01:52 . 2003-07-16 20:51 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-09-08 01:50 . 2008-04-14 00:09 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2009-09-08 01:47 . 2003-07-16 20:48 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2009-09-08 01:47 . 2003-07-16 20:30 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2009-09-08 01:47 . 2003-07-16 20:30 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2009-09-08 01:46 . 2008-04-14 00:12 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2009-09-08 01:46 . 2008-04-14 00:12 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-09-08 01:37 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2009-09-08 01:30 . 2009-09-08 01:30 -------- d-----w- C:\$WIN_NT$.~BT
2009-09-07 21:55 . 2009-09-23 23:34 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:55 . 2009-09-23 23:34 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-10031102}.dat
2009-09-07 21:54 . 2009-09-07 21:54 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Creative
2009-09-07 21:53 . 2009-09-07 21:53 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Jasc Software Inc
2009-09-07 21:48 . 2009-09-07 21:48 184 ----a-w- c:\windows\system32\e000001.dat
2009-09-07 21:48 . 2003-03-05 19:19 15840 ----a-w- c:\windows\system32\pfmodnt.sys
2009-09-07 21:48 . 2003-01-15 18:41 77824 ----a-w- c:\windows\system32\ctdvda32.dll
2009-09-07 21:48 . 2003-01-27 23:32 831600 ----a-w- c:\windows\system32\Ctaa1.dat
2009-09-07 21:48 . 2001-05-28 20:47 12288 ----a-w- c:\windows\system32\AHQCpURes.dll
2009-09-07 21:47 . 2001-03-30 09:00 62976 ----a-w- c:\windows\system32\CTDetres.dll
2009-09-07 21:47 . 1999-12-13 08:01 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-09-07 21:47 . 1999-11-18 08:00 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2009-09-07 21:47 . 2002-02-20 09:00 331776 ----a-w- c:\windows\system32\CTMEDENG.DLL
2009-09-07 21:47 . 2000-04-20 08:00 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-09-07 21:03 . 2009-09-10 22:45 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Local Settings\Application Data\ApplicationHistory
2009-09-07 20:33 . 2003-08-28 23:58 4272 ----a-r- c:\windows\system32\drivers\bvrp_pci.sys
2009-09-07 20:08 . 2002-01-09 00:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-09-07 20:08 . 2000-03-23 19:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-09-07 20:08 . 1998-06-18 06:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-09-07 20:08 . 2001-08-22 15:42 13632 ----a-w- c:\windows\system32\drivers\omci.sys
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\MSN6
2009-09-07 19:38 . 2009-09-07 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
2009-09-07 19:23 . 2003-03-21 22:56 24576 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-09-07 19:21 . 2009-09-19 03:34 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2009-09-07 12:16 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-07 12:16 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-07 12:16 . 2001-08-17 13:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-07 12:16 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-07 12:16 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 01:41 . 2009-09-12 16:21 2558 ----a-w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\wklnhst.dat
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-23 23:34 . 2009-09-17 00:00 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-09-18 21:01 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Road Runner
2009-09-17 03:14 . 2005-08-10 14:36 -------- d-----w- c:\program files\Oberon Media
2009-09-17 00:29 . 2009-09-17 00:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Road Runner
2009-09-17 00:29 . 2009-09-17 00:01 -------- d-----w- c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Simple Star
2009-09-17 00:27 . 2007-03-04 23:53 -------- d-----w- c:\program files\Common Files\Simple Star Shared
2009-09-17 00:27 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star Shared
2009-09-17 00:26 . 2007-03-04 23:53 -------- d-----w- c:\program files\Road Runner
2009-09-17 00:26 . 2009-09-17 00:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simple Star
2009-09-12 16:05 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Picture It! 9
2009-09-12 16:03 . 2004-02-21 16:22 -------- d-----w- c:\program files\Microsoft Streets and Trips
2009-09-12 16:02 . 2004-02-21 16:21 -------- d-----w- c:\program files\Microsoft Money
2009-09-12 15:58 . 2004-02-21 16:20 -------- d-----w- c:\program files\Microsoft Works
2009-09-08 16:22 . 2004-02-25 20:07 -------- d-----w- c:\program files\Yahoo!
2009-09-08 16:15 . 2004-04-24 13:33 -------- d-----w- c:\program files\IncrediMail
2009-09-08 01:47 . 2009-09-07 19:20 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-07 22:01 . 2004-02-21 16:14 -------- d-----w- c:\program files\Modem Helper
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-09-07 21:44 . 2004-02-21 16:14 -------- d-----w- c:\program files\Sonic
2009-09-05 17:35 . 2004-02-21 16:07 -------- d-----w- c:\program files\Java
2009-08-31 15:18 . 2004-03-02 21:22 32022 ----a-w- c:\documents and settings\Bonnie\Application Data\wklnhst.dat
2009-08-23 04:04 . 2009-06-16 02:02 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Cabos
2009-08-16 23:55 . 2009-08-16 23:55 -------- d-----w- c:\program files\FriendFinder
2009-08-12 11:22 . 2008-03-27 13:38 -------- d-----w- c:\program files\Safari
2009-08-11 19:16 . 2009-08-11 19:16 -------- d-----w- c:\program files\Common Files\TSCUninstall
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Profile Pimp
2009-08-09 17:59 . 2009-08-09 17:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-08-05 12:35 . 2009-08-05 12:34 -------- d-----w- c:\program files\iTunes
2009-08-05 12:34 . 2009-08-05 12:34 -------- d-----w- c:\program files\iPod
2009-08-05 12:34 . 2007-07-05 21:15 -------- d-----w- c:\program files\Common Files\Apple
2009-08-05 09:01 . 2003-07-16 20:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 02:22 . 2009-06-27 23:25 -------- d-----w- c:\documents and settings\Bonnie\Application Data\Image Zone Express
2009-07-29 04:37 . 2005-10-17 21:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 19:21 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 18:33 915456 ------w- c:\windows\system32\wininet.dll
2007-03-07 20:09 . 2007-03-07 20:09 1009205 ----a-w- c:\program files\DVD Decrypter.rar
2007-03-07 20:09 . 2007-03-07 20:09 1168 ----a-w- c:\program files\DVD Shrink.rar
2007-03-07 20:09 . 2007-03-07 20:09 4594 ----a-w- c:\program files\DVD Wizard PRO.rar
2007-03-07 20:08 . 2007-03-07 20:08 270 ----a-w- c:\program files\Dvd-to-dvdr.rar
2007-03-07 20:06 . 2007-03-07 20:06 5166979 ----a-w- c:\program files\Dvd-cloner.rar
2007-03-07 20:02 . 2007-03-07 20:02 155292 ----a-w- c:\program files\Blaze Media Pro.rar
2007-03-07 20:01 . 2007-03-07 20:01 201 ----a-w- c:\program files\Mozilla Firefox.rar
2007-03-07 19:57 . 2007-03-07 19:57 448669 ----a-w- c:\program files\Trojan Guarder Gold Version.rar
2005-11-12 14:12 . 2005-11-12 14:00 504965506 ----a-w- c:\program files\Jasc Software Inc.rar
2005-06-07 11:08 . 2005-06-07 11:08 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-01-24 16:01 . 2005-01-24 16:01 20279785 ----a-w- c:\program files\CyberLink.PowerEncoder.MPEG4.AVC.Edition.v1.0.Merry.Xmas-ROR.rar
2005-01-24 15:41 . 2005-01-24 15:41 10618 ----a-w- c:\program files\winrar3.42reg.htm
2004-12-06 01:21 . 2004-12-06 01:21 394775 ----a-w- c:\program files\1clickcombosetup.exe
2004-10-30 05:00 . 2005-03-24 15:13 34397 ----a-w- c:\program files\PictureSorter.zip
2004-06-14 14:40 . 2004-06-14 14:40 22251292 ----a-w- c:\program files\systemmechanicpro.exe
2004-05-25 16:27 . 2004-05-25 16:27 7272960 ----a-w- c:\program files\avg6688fu_free.exe
2004-05-19 04:16 . 2004-05-19 04:16 484 ----a-w- c:\program files\file_id.diz
2004-05-19 04:16 . 2004-05-19 04:16 8251 ----a-w- c:\program files\eithel.nfo
2004-03-03 01:42 . 2004-03-03 01:42 4361 ----a-r- c:\program files\e-Lunatic.diz
2001-05-09 12:11 . 2001-05-09 12:11 31 ----a-w- c:\program files\Install-KPTGoo.txt
1999-08-18 17:42 . 1999-08-18 17:42 3704689 ----a-r- c:\program files\KPTGOO.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_23.01.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-23 23:36 . 2009-09-23 23:36 16384 c:\windows\temp\Perflib_Perfdata_b80.dat
+ 2009-09-23 23:35 . 2009-09-23 23:35 16384 c:\windows\temp\Perflib_Perfdata_7fc.dat
+ 2009-09-24 15:29 . 2009-09-24 15:29 85173 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-09-23 23:38 . 2009-09-23 23:38 87617 c:\windows\SYSTEM32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\SYSTEM32\Adobe\Shockwave 11\gtapi.dll
- 2009-09-17 01:47 . 2009-09-22 12:44 10134 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
+ 2009-09-17 01:47 . 2009-09-24 12:33 10134 c:\windows\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\SYSTEM32\Adobe\Shockwave 11\DynaPlayer.dll
- 2009-09-12 15:57 . 2009-09-16 23:41 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-09-12 15:57 . 2009-09-23 23:49 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-09-12 15:57 . 2009-09-16 23:41 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-09-23 23:32 . 2009-09-23 23:32 2560 c:\windows\_MSRSTRT.EXE
+ 2009-07-21 06:59 . 2009-07-21 06:59 132472 c:\windows\SYSTEM32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-21 08:17 . 2009-07-21 08:17 468408 c:\windows\SYSTEM32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\SYSTEM32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\SYSTEM32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 714752 c:\windows\SYSTEM32\Adobe\Shockwave 11\gi.dll
+ 2009-07-21 08:04 . 2009-07-21 08:04 614400 c:\windows\SYSTEM32\Adobe\Shockwave 11\Control.dll
+ 2009-07-21 08:18 . 2009-07-21 08:18 206264 c:\windows\SYSTEM32\Adobe\Director\SwDir.dll
+ 2009-07-21 08:03 . 2009-07-21 08:03 131072 c:\windows\SYSTEM32\Adobe\Director\np32dsw.dll
+ 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\SYSTEM32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-21 06:59 . 2009-07-21 06:59 1886320 c:\windows\SYSTEM32\Adobe\Shockwave 11\gt.exe
+ 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\SYSTEM32\Adobe\Shockwave 11\dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-08-10 251264]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Road Runner PhotoShow Media Manager"="c:\progra~1\ROADRU~2\PHOTOS~1\data\Xtras\mssysmgr.exe" [2008-05-09 361976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-09-17 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-09-17 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-09-17 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-09-23 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-09-23 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-09-23 259312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CTHELPER.EXE [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" - c:\windows\SYSTEM32\CTASIO.DLL [2003-02-20 110592]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\Bonnie\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-12-5 24651]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 20:30 79368 ----a-w- c:\windows\SYSTEM32\UmxWNP.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\SYSTEM32\DRIVERS\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\SYSTEM32\DRIVERS\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\SYSTEM32\DRIVERS\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\SYSTEM32\DRIVERS\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\SYSTEM32\DRIVERS\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\SYSTEM32\DRIVERS\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 7:24 AM 801296]
R3 KmxCfg;KmxCfg;c:\windows\SYSTEM32\DRIVERS\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 6:10 PM 189704]
S2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 7:24 AM 1010192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as Bonnie at 6 46 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredigames.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredigames.com/?loc=FF_Incredigame_AddressBar&search=
FF - plugin: c:\documents and settings\Bonnie.BONNIE-FM4OD1WD\Application Data\Mozilla\Firefox\Profiles\1w7ph4cv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\System32\Macromed\Flash\uninstall_activeX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 10:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\CLBCATQ.DLL
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2068)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-09-24 11:01
ComboFix-quarantined-files.txt 2009-09-24 18:01
ComboFix2.txt 2009-09-23 23:12
ComboFix3.txt 2009-09-22 23:07

Pre-Run: 157,344,481,280 bytes free
Post-Run: 157,315,616,768 bytes free

378 --- E O F --- 2009-09-20 10:08
 
You must log in or register to reply here.
Back
Top