11-09-2008, 11:04 AM   #1
foreverhappy
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: windowsXP


EEK! I also have the "unsolicited browser pops" problem. Tks

I have had this computer for 2 years and never had a virus/spyware problem.
Then yesterday, 11.8.2008, something happened.

WindowsXP Professional
Version 5.1 service pack 3

I have Zone Alarm anti-virus.
I never had any spyware protection.
I have played on pogo.com for years without a problem.
I added HideMyIP about 3 months ago, no problem before.

The only different things I can think of:

1. I have been searching the net since October for a new place
2. I have been to bored.com to play games
3. I updated both Windows and Zone Alarm on 11.8.2008 and maybe somehow my computer was wide open for a few minutes/hours (I did both at the same time and I will never do it again!)

I was printing and then my printer lost connection, which was very weird.
Then I saw the unsolicited browser popups (scary).
And twice my computer turned off by itself.

I installed Spybot and then Ad-Aware and they picked up stuff and they were removed.
But whenever I booted, the stuff was all back again.

I uninstalled Spybot (do not like it) and Ad-Aware found more stuff.

Every reboot Ad-Watch picks up 1,000+ notifications queued, meaning modifications in the registry or else.

Zone Alarm picked up Trojan.Win32.BHO.hzf twice

There was something with a V in Spybot (sorry that I did not save that name), that was huge.

After a lost Saturday, more than 5 scans, install/uninstall, and all, I STILL HAVE the browser popups.

My logs are attached.
Not sure if I did it all right.

You all are great.
Tks




GMER

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-09 12:27:37
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0x9F3C98D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0x9F3C66E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0x9F3D3490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0x9F3C9E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x9F3D0C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x9F3D0E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0x9F3D4D50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x9F3C9F80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x9F3C6C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x9F3D3D10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x9F3D3AC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9F3D0600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0x9F3C33B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0x9F3D4230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x9F3D42B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x9F3D4FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0x9F3C6AD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x9F3D24F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0x9F3D22B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0x9F3D4970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9F3D43D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x9F3C94F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x9F3D47C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x9F3C9AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x9F3C6EA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0x9F3C3190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x9F3D3800]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9F3D1580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x9F3D1400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0x9F3C35D0]

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [ 90, 9E, 3C, 9F, 80, 0C, 3D, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CBE 8050455A 6 Bytes [ 3C, 9F, 10, 3D, 3D, 9F ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [ B0, 33, 3C, 9F, 30, 42, 3D, ... ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [9F3CC780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [9F3CC780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [9F3CC780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [9F3CC780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [9F3CE410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [9F3CC780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [9F3CEB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [9F3CE220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip NSDriver.sys (Driver for Ad-Watch network monitoring/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp NSDriver.sys (Driver for Ad-Watch network monitoring/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp NSDriver.sys (Driver for Ad-Watch network monitoring/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp NSDriver.sys (Driver for Ad-Watch network monitoring/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Processes - GMER 1.0.14 ----

Process C:\WINDOWS\hh.exe (*** hidden *** ) 2340

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{267F94DB-C473-0152-0C28-E747A99A9621}

---- EOF - GMER 1.0.14 ----

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

RSIT LOGS (the log copied into the info)

info.txt logfile of random's system information tool 1.04 2008-11-09 12:29:54

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Active@ ISO Burner v 1.1-->C:\PROGRA~1\LSOFTT~1\ACTIVE~1\UNWISE.EXE C:\PROGRA~1\LSOFTT~1\ACTIVE~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
BCWipe 3.0-->"C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BCWipe\UnInstall.log
BCWipePD 2.0-->"C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BCWipePD\UnInstall.log
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Hide My IP 2008-->"C:\Program Files\Hide My IP 2008\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iolo technologies' System Mechanic 7-->"C:\Program Files\iolo\System Mechanic 7\unins000.exe"
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K-Meleon 1.1.5 en-US (remove only)-->C:\Program Files\K-Meleon\uninstall.exe
Lexmark 5400 Series-->C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
McAfee SiteAdvisor-->C:\Program Files\SiteAdvisor\6261\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Butterfly\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetExchangePro 3.0-->C:\PROGRA~1\NETEXC~1.0\UNWISE.EXE C:\PROGRA~1\NETEXC~1.0\INSTALL.LOG
Paint.NET v3.22-->MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Smart Explorer 6.1-->"C:\Program Files\Smart Explorer\unins000.exe"
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
UltraLott Florida 1.2.2-->"C:\Program Files\UltraLott Florida\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinUndelete-->C:\PROGRA~1\WINUND~1\UNWISE.EXE C:\PROGRA~1\WINUND~1\INSTALL.LOG
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Anti-virus-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Anti-virus Antivirus
FW: ZoneAlarm Anti-virus Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"tvdumpflags"=8

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Butterfly at 2008-11-09 12:29:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 274 GB (91%) free of 302 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:52 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Butterfly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0536B141-B343-4F7B-986F-7BEC8583A4Ec} - (no file)
O2 - BHO: (no name) - {99E6C646-C8F3-4742-B2E4-20CDA1ACA9EB} - C:\WINDOWS\system32\byXppPhI.dll (file missing)
O2 - BHO: {855c78ee-8de0-409a-88a4-fa689c722fda} - {adf227c9-86af-4a88-a904-0ed8ee87c558} - C:\WINDOWS\system32\imqrcf.dll
O2 - BHO: (no name) - {B0B3393C-62D1-44D8-ABF5-08E0F067F29E} - C:\WINDOWS\system32\mlJaBUOe.dll
O2 - BHO: (no name) - {BCC5D6E1-C81A-4D13-BD12-F6B50B40DB8D} - C:\WINDOWS\system32\pmnmnKEu.dll (file missing)
O2 - BHO: (no name) - {BF271355-A295-4832-A5F7-66EBD2B8F327} - C:\WINDOWS\system32\awtSljjK.dll
O2 - BHO: (no name) - {F84E8C4C-242A-4900-83DD-4AE76E52BF33} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKLM\..\Run: [14a3f3b1] rundll32.exe "C:\WINDOWS\system32\ksmlujdb.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Butterfly\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [HideMyIP2008] C:\Program Files\Hide My IP 2008\HideMyIP2008.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/po...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79F95549-09CA-48E7-B953-4E1A71AB9071}: NameServer = 209.84.253.11,209.84.253.12
O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021}
O18 - Filter hijack: text/html - {cbfd44e2-b8ca-4bbf-ad3d-1e7de6ffb651} - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: dbyhlk.dll imqrcf.dll
O20 - Winlogon Notify: mlJaBUOe - C:\WINDOWS\SYSTEM32\mlJaBUOe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8471 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0536B141-B343-4F7B-986F-7BEC8583A4Ec}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E6C646-C8F3-4742-B2E4-20CDA1ACA9EB}]
C:\WINDOWS\system32\byXppPhI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adf227c9-86af-4a88-a904-0ed8ee87c558}]
C:\WINDOWS\system32\imqrcf.dll [2008-11-09 103424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0B3393C-62D1-44D8-ABF5-08E0F067F29E}]
C:\WINDOWS\system32\mlJaBUOe.dll [2008-11-08 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCC5D6E1-C81A-4D13-BD12-F6B50B40DB8D}]
C:\WINDOWS\system32\pmnmnKEu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF271355-A295-4832-A5F7-66EBD2B8F327}]
C:\WINDOWS\system32\awtSljjK.dll [2008-11-09 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F84E8C4C-242A-4900-83DD-4AE76E52BF33}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll []
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"SMSystemAnalyzer"=C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe [2008-05-06 764776]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE []
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-21 185896]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"lxctmon.exe"=C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2006-06-20 286720]
"Lexmark 5400 Series Fax Server"=C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-07-10 294912]
"EzPrint"=C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-06-06 98304]
"LXCTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe [2008-11-08 2468200]
"brastk"=C:\WINDOWS\system32\brastk.exe []
"14a3f3b1"=C:\WINDOWS\system32\ksmlujdb.dll [2008-11-09 70144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"cdloader"=C:\Documents and Settings\Butterfly\Application Data\mjusbsp\cdloader2.exe MAGICJACK []
"HideMyIP2008"=C:\Program Files\Hide My IP 2008\HideMyIP2008.exe [2008-04-12 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-11-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-06-06 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-07-10 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2006-06-20 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-06-29 24633]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dbyhlk.dll imqrcf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJaBUOe]
C:\WINDOWS\system32\mlJaBUOe.dll [2008-11-08 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B0B3393C-62D1-44D8-ABF5-08E0F067F29E}"=C:\WINDOWS\system32\mlJaBUOe.dll [2008-11-08 35328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\awtSljjK

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\lxctcoms.exe"="C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Butterfly\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Butterfly\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296afdda-4e0a-11dd-88cc-001676baf5ec}]
shell\AutoRun\command - F:\autorun.exe
shell\phone\command - F:\autorun.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-11-09 12:29:47 ----D---- C:\rsit
2008-11-09 11:17:39 ----A---- C:\WINDOWS\gmer.ini
2008-11-09 11:17:34 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-09 11:17:34 ----A---- C:\WINDOWS\gmer.exe
2008-11-09 11:17:34 ----A---- C:\WINDOWS\gmer.dll
2008-11-09 09:57:56 ----D---- C:\Program Files\gmer
2008-11-09 09:48:31 ----A---- C:\Program Files\RSIT.exe
2008-11-09 09:21:36 ----D---- C:\Program Files\Trend Micro
2008-11-09 09:03:55 ----A---- C:\WINDOWS\system32\imqrcf.dll
2008-11-09 09:03:54 ----A---- C:\WINDOWS\system32\oltrlcte.dll
2008-11-09 09:02:06 ----SH---- C:\WINDOWS\system32\bdjulmsk.ini
2008-11-09 09:02:03 ----A---- C:\WINDOWS\system32\ksmlujdb.dll
2008-11-09 09:00:44 ----ASH---- C:\WINDOWS\system32\KjjlStwa.ini2
2008-11-09 09:00:44 ----ASH---- C:\WINDOWS\system32\KjjlStwa.ini
2008-11-09 09:00:40 ----A---- C:\WINDOWS\system32\awtSljjK.dll
2008-11-08 21:42:45 ----ASH---- C:\WINDOWS\system32\IhPppXyb.ini2
2008-11-08 18:24:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 18:22:58 ----A---- C:\Program Files\aaw2008.exe
2008-11-08 18:03:06 ----A---- C:\WINDOWS\system32\dbyhlk.dll
2008-11-08 18:03:05 ----A---- C:\WINDOWS\system32\dfdopceg.dll
2008-11-08 17:57:05 ----ASH---- C:\WINDOWS\system32\IhPppXyb.ini
2008-11-08 16:24:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-08 16:24:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 16:04:12 ----A---- C:\WINDOWS\system32\gyjdxp.dll
2008-11-08 16:04:10 ----A---- C:\WINDOWS\system32\tdqqejgq.dll
2008-11-08 16:03:43 ----A---- C:\WINDOWS\system32\1f8037cf-.txt
2008-11-08 16:02:29 ----ASH---- C:\WINDOWS\system32\uEKnmnmp.ini
2008-11-08 16:02:21 ----A---- C:\Program Files\windows-kb890830-v2.3.exe
2008-11-08 15:54:40 ----A---- C:\WINDOWS\system32\mlJaBUOe.dll
2008-11-08 15:54:40 ----A---- C:\WINDOWS\system32\khfGyxuU.dll
2008-11-08 15:54:40 ----A---- C:\WINDOWS\system32\geBuUkiI.dll
2008-11-08 15:54:40 ----A---- C:\WINDOWS\system32\ddcccaYs.dll
2008-11-08 11:36:29 ----D---- C:\WINDOWS\system32\sX3i19
2008-11-08 11:05:49 ----A---- C:\WINDOWS\system32\lxctvs.dll
2008-11-08 11:05:48 ----A---- C:\WINDOWS\system32\lxctcoin.dll
2008-11-08 11:05:25 ----A---- C:\WINDOWS\system32\lxctcaps.dll
2008-11-08 11:05:24 ----A---- C:\WINDOWS\system32\lxctdrs.dll
2008-11-08 11:05:24 ----A---- C:\WINDOWS\system32\lxctcnv4.dll
2008-11-08 11:04:30 ----A---- C:\WINDOWS\system32\lxctpmrc.dll
2008-11-08 11:04:30 ----A---- C:\WINDOWS\system32\lxctpmon.dll
2008-11-08 11:04:30 ----A---- C:\WINDOWS\system32\LXCTFXPU.DLL
2008-11-08 11:02:28 ----D---- C:\Program Files\Lexmark 5400 Series
2008-11-08 11:02:17 ----A---- C:\WINDOWS\system32\LXCTinst.dll
2008-11-08 11:02:16 ----A---- C:\WINDOWS\system32\lxctinpa.dll
2008-11-08 11:02:16 ----A---- C:\WINDOWS\system32\lxctiesc.dll
2008-11-08 11:02:15 ----A---- C:\WINDOWS\system32\lxctutil.dll
2008-11-08 11:02:15 ----A---- C:\WINDOWS\system32\lxctusb1.dll
2008-11-08 11:02:15 ----A---- C:\WINDOWS\system32\lxctserv.dll
2008-11-08 11:02:14 ----A---- C:\WINDOWS\system32\lxctprox.dll
2008-11-08 11:02:14 ----A---- C:\WINDOWS\system32\lxctpplc.dll
2008-11-08 11:02:14 ----A---- C:\WINDOWS\system32\lxctpmui.dll
2008-11-08 11:02:13 ----A---- C:\WINDOWS\system32\lxctlmpm.dll
2008-11-08 11:02:13 ----A---- C:\WINDOWS\system32\lxctjswr.dll
2008-11-08 11:02:13 ----A---- C:\WINDOWS\system32\lxctinsb.dll
2008-11-08 11:02:12 ----A---- C:\WINDOWS\system32\lxctinsr.dll
2008-11-08 11:02:12 ----A---- C:\WINDOWS\system32\lxctins.dll
2008-11-08 11:02:12 ----A---- C:\WINDOWS\system32\lxctih.exe
2008-11-08 11:02:12 ----A---- C:\WINDOWS\system32\lxcthbn3.dll
2008-11-08 11:02:11 ----A---- C:\WINDOWS\system32\lxctgrd.dll
2008-11-08 11:02:11 ----A---- C:\WINDOWS\system32\lxctgf.dll
2008-11-08 11:02:10 ----A---- C:\WINDOWS\system32\lxctcur.dll
2008-11-08 11:02:10 ----A---- C:\WINDOWS\system32\lxctcub.dll
2008-11-08 11:02:10 ----A---- C:\WINDOWS\system32\lxctcu.dll
2008-11-08 11:02:09 ----A---- C:\WINDOWS\system32\lxctcoms.exe
2008-11-08 11:02:09 ----A---- C:\WINDOWS\system32\lxctcomm.dll
2008-11-08 11:02:09 ----A---- C:\WINDOWS\system32\lxctcomc.dll
2008-11-08 11:02:08 ----A---- C:\WINDOWS\system32\lxctcfg.exe
2008-11-08 11:02:07 ----A---- C:\WINDOWS\system32\LXCTcfg.dll
2008-11-08 08:04:47 ----D---- C:\WINDOWS\Prefetch
2008-11-08 08:00:26 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-11-08 07:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-08 07:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-08 07:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-08 07:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-08 07:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-08 07:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-08 07:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-08 07:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-08 07:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-08 07:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-08 07:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-08 07:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-08 07:55:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-08 07:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-08 07:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-08 07:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-08 07:50:40 ----D---- C:\WINDOWS\system32\scripting
2008-11-08 07:50:39 ----D---- C:\WINDOWS\system32\en
2008-11-08 07:50:39 ----D---- C:\WINDOWS\system32\bits
2008-11-08 07:50:39 ----D---- C:\WINDOWS\l2schemas
2008-11-08 07:50:39 ----D---- C:\Program Files\msn
2008-11-08 07:48:12 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-08 07:44:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-02 14:03:46 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 14:03:46 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 14:03:46 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 14:03:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-27 20:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-27 20:27:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-27 20:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-27 20:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-27 20:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-27 20:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-27 20:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-27 20:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-27 20:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-27 20:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-27 20:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-27 20:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-27 20:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-27 20:23:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-27 18:20:58 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-10-27 18:20:52 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-10-27 18:20:52 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-27 18:20:50 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-27 18:20:50 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-27 18:20:45 ----N---- C:\WINDOWS\slrundll.exe
2008-10-27 18:20:45 ----A---- C:\WINDOWS\system32\slserv.exe
2008-10-27 18:20:45 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-10-27 18:20:45 ----A---- C:\WINDOWS\system32\slgen.dll
2008-10-27 18:20:44 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-10-27 18:20:44 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-10-27 18:20:43 ----A---- C:\WINDOWS\system32\setupn.exe
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\qutil.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-10-27 18:20:42 ----A---- C:\WINDOWS\system32\qagent.dll
2008-10-27 18:20:39 ----A---- C:\WINDOWS\system32\onex.dll
2008-10-27 18:20:36 ----A---- C:\WINDOWS\system32\napstat.exe
2008-10-27 18:20:36 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-10-27 18:20:36 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-10-27 18:20:36 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-27 18:20:35 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-27 18:20:35 ----A---- C:\WINDOWS\system32\mssha.dll
2008-10-27 18:20:28 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-10-27 18:20:28 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-27 18:20:28 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-10-27 18:20:28 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-27 18:20:23 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-27 18:20:17 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-10-27 18:20:17 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-10-27 18:20:16 ----A---- C:\WINDOWS\system32\comsdupd.exe
2008-10-27 18:20:14 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-27 18:20:11 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-27 18:20:10 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-27 18:20:09 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-10-27 18:20:08 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-10-27 18:20:08 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-27 18:20:08 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-27 18:20:06 ----A---- C:\WINDOWS\system32\credssp.dll
2008-10-27 18:20:03 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-27 18:20:03 ----A---- C:\WINDOWS\system32\azroles.dll
2008-10-27 18:20:03 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-27 18:20:03 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-27 18:20:02 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-27 18:20:02 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-27 18:20:02 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-27 18:20:02 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-27 18:20:02 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-27 18:20:01 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-22 17:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\RLUHVKKCYG
2008-10-19 17:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\XRUHVKKCYG

======List of files/folders modified in the last 1 months======

2008-11-09 12:29:13 ----D---- C:\WINDOWS\Internet Logs
2008-11-09 11:57:51 ----D---- C:\WINDOWS\Temp
2008-11-09 11:56:13 ----D---- C:\Program Files\Lx_cats
2008-11-09 11:55:41 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-11-09 11:24:07 ----D---- C:\Program Files\Mozilla Firefox
2008-11-09 11:17:39 ----D---- C:\WINDOWS
2008-11-09 11:17:34 ----D---- C:\WINDOWS\system32\drivers
2008-11-09 11:05:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-09 09:57:56 ----D---- C:\Program Files
2008-11-09 09:27:14 ----D---- C:\WINDOWS\system32
2008-11-09 09:03:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-09 09:01:40 ----A---- C:\rollback.ini
2008-11-08 21:41:50 ----A---- C:\WINDOWS\wininit.ini
2008-11-08 20:49:37 ----D---- C:\WINDOWS\CSC
2008-11-08 18:27:10 ----SHD---- C:\WINDOWS\Installer
2008-11-08 18:27:10 ----SHD---- C:\Config.Msi
2008-11-08 18:24:50 ----D---- C:\Program Files\Lavasoft
2008-11-08 18:24:06 ----D---- C:\Program Files\Common Files
2008-11-08 17:56:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-08 15:54:53 ----SHD---- C:\WINDOWS\system32\dllcache
2008-11-08 11:36:29 ----D---- C:\Temp
2008-11-08 11:07:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-08 11:05:53 ----HD---- C:\WINDOWS\inf
2008-11-08 11:03:14 ----D---- C:\Program Files\Lexmark Toolbar
2008-11-08 0853 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-08 0850 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-08 0821 ----A---- C:\WINDOWS\setuplog.txt
2008-11-08 08:04:02 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-11-08 08:04:01 ----D---- C:\WINDOWS\system32\wbem
2008-11-08 08:04:01 ----D---- C:\WINDOWS\system32\Setup
2008-11-08 08:04:01 ----D---- C:\WINDOWS\AppPatch
2008-11-08 08:04:00 ----RSD---- C:\WINDOWS\Fonts
2008-11-08 08:00:54 ----D---- C:\WINDOWS\security
2008-11-08 07:55:15 ----D---- C:\Program Files\Messenger
2008-11-08 07:51:11 ----D---- C:\WINDOWS\WinSxS
2008-11-08 07:50:48 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-08 07:50:48 ----D---- C:\WINDOWS\network diagnostic
2008-11-08 07:50:48 ----D---- C:\WINDOWS\ime
2008-11-08 07:50:48 ----D---- C:\WINDOWS\Help
2008-11-08 07:50:41 ----D---- C:\WINDOWS\system32\usmt
2008-11-08 07:50:41 ----D---- C:\WINDOWS\system32\en-US
2008-11-08 07:50:39 ----D---- C:\WINDOWS\PeerNet
2008-11-08 07:50:39 ----D---- C:\Program Files\Movie Maker
2008-11-08 07:48:04 ----D---- C:\WINDOWS\system32\Restore
2008-11-08 07:48:04 ----D---- C:\WINDOWS\system32\npp
2008-11-08 07:48:04 ----D---- C:\WINDOWS\mui
2008-11-08 07:48:03 ----D---- C:\WINDOWS\msagent
2008-11-08 07:48:02 ----D---- C:\WINDOWS\srchasst
2008-11-08 07:48:01 ----D---- C:\WINDOWS\system32\Com
2008-11-08 07:48:01 ----D---- C:\Program Files\NetMeeting
2008-11-08 07:47:59 ----D---- C:\Program Files\Windows Media Player
2008-11-08 07:47:58 ----D---- C:\Program Files\Windows NT
2008-11-08 07:47:58 ----D---- C:\Program Files\Outlook Express
2008-11-08 07:47:56 ----D---- C:\Program Files\Common Files\System
2008-11-08 07:47:46 ----D---- C:\WINDOWS\system32\oobe
2008-11-08 07:47:44 ----D---- C:\WINDOWS\system
2008-11-08 07:45:55 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-08 07:44:34 ----D---- C:\WINDOWS\ehome
2008-11-06 07:47:26 ----D---- C:\Program Files\BadgeHelp
2008-11-02 14:04:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-02 14:03:24 ----D---- C:\Program Files\Java
2008-11-01 20:18:32 ----A---- C:\SearchLine.Txt
2008-10-30 07:07:09 ----D---- C:\Program Files\NetExchange Pro3.0
2008-10-27 20:27:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-27 20:27:29 ----D---- C:\Program Files\Internet Explorer
2008-10-27 20:27:23 ----D---- C:\WINDOWS\ie7updates
2008-10-27 20:27:05 ----A---- C:\WINDOWS\win.ini
2008-10-27 20:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-27 17:57:27 ----D---- C:\WINDOWS\Debug
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-09-18 148496]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-04-17 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-09 85969]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-03-17 1033600]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-03-17 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\system32\drivers\pfc.sys []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-13 96512]
S4 BCSWAP;BCSWAP; \??\C:\WINDOWS\system32\drivers\BCSWAP.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-08 611664]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-02 152984]
R2 lxct_device;lxct_device; C:\WINDOWS\system32\lxctcoms.exe [2006-07-13 528384]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-05-22 345376]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-07-13 45056]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 SecureSrv;SecureSrv; C:\Program Files\Hide My IP 2008\SecureSrv.exe [2008-09-05 110880]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------