Full Version: Infection Detection... (that rhymes!)
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
drfantango
All kinds of things have been going on with this machine:

Last week, Internet Explorer just stopped working. It would launch and then close before the window loaded. We have Firefox and it seems to be working fine. Then this morning I got this Virus Detection message from McAfee that we had a Trojan Infection and it couldn't be cleaned or removed. It was detected as "dpnmodem32.dll". A few minutes after that I lost all of my desktop icons and couldn't do anything.

I restarted the machine a few times and nothing worked. I logged in with my wife's user name and was okay, but she has been having trouble losing her icons from time to time as well.

Thanks in advance for any help you can provide. I try to stay on top of these things but this one is over my head. Cheers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:48 PM, on 13/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: 8f97172502 - C:\WINDOWS\System32\dpnmodem32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 9789 bytes
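
The two O20 lines in the HijackThis log above (an AppInit_DLLs entry and a Winlogon Notify package with a random-looking name, both pointing at the same dpnmodem32.dll that McAfee flagged) are the entries a log reader checks first. The following is an added example, not part of the original thread and not HijackThis code: a small Python triage script that parses the O-sections from a copy of those lines, flags the usual red-flag patterns, and reports any module referenced from more than one autostart location. The KNOWN_NOTIFY baseline and the check names are assumptions made for this example.

```python
"""Triage of HijackThis log lines: parse the O-sections and flag the entries
a malware-help volunteer would look at first."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: 8f97172502 - C:\WINDOWS\System32\dpnmodem32.dll
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""

# Every HijackThis O-line is "<section> - <body>".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

# Winlogon Notify packages shipped with Windows XP or registered by common
# drivers. Assumption for this example: build this from a known-good baseline.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon", "igfxcui", "WgaLogon"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_sections(text):
    """Return (section, body, original line) for each O-line in the log."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            records.append((m.group(1), m.group(2), raw.strip()))
    return records


def triage(text):
    """Flag the entry types that most often carry persistence in a HJT log."""
    findings = []
    for section, body, line in parse_sections(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so any non-empty value deserves a look.
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append(Finding(section, "AppInit_DLLs loads %s into every user32 process" % dll, line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Notify packages run inside winlogon.exe at logon; unknown names
            # (here a hex-looking one) are a classic hiding place.
            name, _, dll = body[len("Winlogon Notify:"):].partition(" - ")
            name = name.strip()
            if name not in KNOWN_NOTIFY:
                findings.append(Finding(section, "unknown Winlogon Notify package %r -> %s" % (name, dll.strip()), line))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned BHO registration (DLL missing)", line))
        elif section == "O16" and body.rstrip().endswith("-"):
            findings.append(Finding(section, "DPF entry without a source URL", line))
    return findings


def shared_modules(findings):
    """Map DLL path -> sections, for modules referenced by more than one flagged entry."""
    by_module = {}
    for f in findings:
        m = re.search(r"[A-Za-z]:\\[^\s]+\.dll", f.line, re.IGNORECASE)
        if m:
            by_module.setdefault(m.group(0).lower(), []).append(f.section)
    return {k: v for k, v in by_module.items() if len(v) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print("[%s] %s" % (h.section, h.reason))
    for dll, sections in shared_modules(hits).items():
        print("same module in %d autostart locations: %s" % (len(sections), dll))
```

Run on the sample, the script reports the orphaned BHO, the URL-less DPF entry, the AppInit_DLLs value and the unrecognised Notify package, and then points out that both O20 entries load the same DLL, which is the strongest single signal in this log.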

LoPhatPhuud
First:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Second:
1. Download Random's system information tool (RSIT) from here:
http://images.malwareremoval.com/random/RSIT.exe

Choose to *save* the file to your desktop.

2. Double click on RSIT.exe to run the tool.

3. Click *Continue* at the disclaimer screen.

4. Once it has finished, two logs will open in two separate notepad instances.

Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized). You can just copy and paste the text from those logs into a reply to this topic here.
drfantango
Thanks again for your help. I really appreciate you taking the time.

Malwarebytes' Anti-Malware 1.30
Database version: 1399
Windows 5.1.2600 Service Pack 3

14/11/2008 6:21:43 PM
mbam-log-2008-11-14 (18-21-43).txt

Scan type: Quick Scan
Objects scanned: 81611
Time elapsed: 59 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


______________________________________


Logfile of random's system information tool 1.04 (written by random/random)
Run by Doug at 2008-11-14 18:29:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 162 GB (68%) free of 238 GB
Total RAM: 502 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:23 PM, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Doug\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Doug.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: 8f97172502 - C:\WINDOWS\System32\dpnmodem32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 9825 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-08-23 57344]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]
"LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"EPSON Stylus CX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\dpnmodem32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\8f97172502]
C:\WINDOWS\System32\dpnmodem32.dll [2008-11-13 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\CIMSVR.exe"="C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-14 18:29:15 ----D---- C:\rsit
2008-11-13 17:38:47 ----D---- C:\Program Files\Trend Micro
2008-11-13 17:10:17 ----D---- C:\Documents and Settings\Doug\Application Data\Malwarebytes
2008-11-13 17:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-13 17:09:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-13 16:37:59 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest
2008-11-13 16:34:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 03:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 20:21:25 ----ASH---- C:\WINDOWS\system32\6.tmp
2008-11-12 17:59:33 ----ASH---- C:\WINDOWS\system32\77.tmp
2008-11-11 20:09:52 ----ASH---- C:\WINDOWS\system32\F2.tmp
2008-11-11 20:09:41 ----ASH---- C:\WINDOWS\system32\F0.tmp
2008-11-11 19:43:47 ----ASH---- C:\WINDOWS\system32\8F.tmp
2008-11-11 15:29:14 ----ASH---- C:\WINDOWS\system32\EC.tmp
2008-11-11 15:29:10 ----ASH---- C:\WINDOWS\system32\EB.tmp
2008-11-11 15:29:05 ----ASH---- C:\WINDOWS\system32\EA.tmp
2008-11-11 13:43:39 ----ASH---- C:\WINDOWS\system32\89.tmp
2008-11-11 03:43:38 ----ASH---- C:\WINDOWS\system32\75.tmp
2008-11-10 19:29:15 ----ASH---- C:\WINDOWS\system32\74.tmp
2008-11-10 19:29:09 ----ASH---- C:\WINDOWS\system32\72.tmp
2008-11-10 19:29:05 ----ASH---- C:\WINDOWS\system32\71.tmp
2008-11-10 17:43:39 ----ASH---- C:\WINDOWS\system32\70.tmp
2008-11-07 00:26:46 ----ASH---- C:\WINDOWS\system32\A9.tmp
2008-11-06 14:26:46 ----ASH---- C:\WINDOWS\system32\A7.tmp
2008-11-06 07:04:31 ----ASH---- C:\WINDOWS\system32\5.tmp
2008-11-06 04:26:45 ----ASH---- C:\WINDOWS\system32\88.tmp
2008-11-05 18:26:45 ----ASH---- C:\WINDOWS\system32\87.tmp
2008-11-05 08:26:41 ----ASH---- C:\WINDOWS\system32\6E.tmp
2008-11-05 08:26:31 ----A---- C:\WINDOWS\system32\dpnmodem32.dll
2008-11-04 22:34:50 ----A---- C:\WINDOWS\system32\1E4B.tmp
2008-11-04 22:34:14 ----A---- C:\WINDOWS\system32\D89.tmp
2008-11-04 19:41:19 ----A---- C:\WINDOWS\system32\6D.tmp
2008-11-04 15:53:43 ----A---- C:\WINDOWS\system32\8E.tmp
2008-11-04 14:54:04 ----ASH---- C:\WINDOWS\system32\8D.tmp
2008-11-04 14:53:43 ----A---- C:\WINDOWS\system32\8C.tmp
2008-11-04 13:54:04 ----ASH---- C:\WINDOWS\system32\86.tmp
2008-11-04 13:52:51 ----A---- C:\WINDOWS\system32\76.tmp
2008-11-04 12:52:51 ----ASH---- C:\WINDOWS\system32\6C.tmp
2008-11-04 10:03:29 ----ASH---- C:\WINDOWS\system32\C4.tmp
2008-11-04 09:29:08 ----ASH---- C:\WINDOWS\system32\8B.tmp
2008-11-04 09:03:29 ----ASH---- C:\WINDOWS\system32\C0.tmp
2008-11-04 08:29:08 ----ASH---- C:\WINDOWS\system32\6B.tmp
2008-11-04 08:03:29 ----ASH---- C:\WINDOWS\system32\BF.tmp
2008-11-04 07:03:28 ----ASH---- C:\WINDOWS\system32\A6.tmp
2008-11-04 06:03:28 ----ASH---- C:\WINDOWS\system32\A5.tmp
2008-11-04 05:03:28 ----ASH---- C:\WINDOWS\system32\A4.tmp
2008-11-04 04:03:49 ----ASH---- C:\WINDOWS\system32\A3.tmp
2008-11-04 04:03:28 ----A---- C:\WINDOWS\system32\A2.tmp
2008-11-04 03:03:28 ----ASH---- C:\WINDOWS\system32\9E.tmp
2008-11-04 02:03:27 ----ASH---- C:\WINDOWS\system32\98.tmp
2008-11-04 01:03:27 ----ASH---- C:\WINDOWS\system32\97.tmp
2008-11-04 00:03:26 ----ASH---- C:\WINDOWS\system32\96.tmp
2008-11-03 23:24:42 ----ASH---- C:\WINDOWS\system32\6A.tmp
2008-11-03 23:03:57 ----ASH---- C:\WINDOWS\system32\95.tmp
2008-11-03 23:03:26 ----A---- C:\WINDOWS\system32\94.tmp
2008-11-03 22:03:26 ----ASH---- C:\WINDOWS\system32\93.tmp
2008-11-03 21:03:26 ----ASH---- C:\WINDOWS\system32\90.tmp
2008-11-03 19:13:00 ----ASH---- C:\WINDOWS\system32\85.tmp
2008-11-03 18:13:00 ----ASH---- C:\WINDOWS\system32\84.tmp
2008-11-03 17:12:59 ----ASH---- C:\WINDOWS\system32\83.tmp
2008-11-03 16:12:59 ----ASH---- C:\WINDOWS\system32\82.tmp
2008-11-03 15:12:59 ----ASH---- C:\WINDOWS\system32\81.tmp
2008-11-03 14:12:58 ----ASH---- C:\WINDOWS\system32\80.tmp
2008-11-03 13:12:58 ----ASH---- C:\WINDOWS\system32\7C.tmp
2008-11-03 12:12:58 ----ASH---- C:\WINDOWS\system32\7B.tmp
2008-11-03 11:12:58 ----ASH---- C:\WINDOWS\system32\79.tmp
2008-11-03 10:12:57 ----ASH---- C:\WINDOWS\system32\78.tmp
2008-11-03 09:12:57 ----ASH---- C:\WINDOWS\system32\73.tmp
2008-11-02 20:16:46 ----ASH---- C:\WINDOWS\system32\69.tmp
2008-11-02 18:37:53 ----ASH---- C:\WINDOWS\system32\B.tmp
2008-11-02 18:18:26 ----ASH---- C:\WINDOWS\system32\4.tmp
2008-11-02 18:15:49 ----A---- C:\WINDOWS\system32\67.tmp
2008-11-01 19:16:01 ----ASH---- C:\WINDOWS\system32\6F.tmp
2008-11-01 19:05:10 ----ASH---- C:\WINDOWS\system32\66.tmp
2008-11-01 18:04:59 ----ASH---- C:\WINDOWS\system32\2.tmp
2008-11-01 17:37:08 ----ASH---- C:\WINDOWS\system32\65.tmp
2008-11-01 16:37:07 ----ASH---- C:\WINDOWS\system32\64.tmp
2008-11-01 15:37:28 ----ASH---- C:\WINDOWS\system32\60.tmp
2008-11-01 15:37:07 ----A---- C:\WINDOWS\system32\5F.tmp
2008-11-01 14:36:45 ----ASH---- C:\WINDOWS\system32\5E.tmp
2008-11-01 14:36:24 ----A---- C:\WINDOWS\system32\57.tmp
2008-11-01 13:36:13 ----ASH---- C:\WINDOWS\system32\A.tmp
2008-10-31 21:51:20 ----ASH---- C:\WINDOWS\system32\E0.tmp
2008-10-31 21:50:59 ----A---- C:\WINDOWS\system32\DF.tmp
2008-10-31 20:50:58 ----ASH---- C:\WINDOWS\system32\8A.tmp
2008-10-31 19:50:49 ----ASH---- C:\WINDOWS\system32\7F.tmp
2008-10-31 19:07:18 ----ASH---- C:\WINDOWS\system32\7E.tmp
2008-10-31 19:06:57 ----A---- C:\WINDOWS\system32\7D.tmp
2008-10-31 17:34:25 ----ASH---- C:\WINDOWS\system32\7A.tmp
2008-10-31 16:34:56 ----ASH---- C:\WINDOWS\system32\63.tmp
2008-10-31 16:34:25 ----A---- C:\WINDOWS\system32\62.tmp
2008-10-31 15:34:25 ----ASH---- C:\WINDOWS\system32\61.tmp
2008-10-31 14:34:24 ----ASH---- C:\WINDOWS\system32\5D.tmp
2008-10-31 13:34:24 ----ASH---- C:\WINDOWS\system32\5C.tmp
2008-10-31 12:34:24 ----ASH---- C:\WINDOWS\system32\5B.tmp
2008-10-31 10:50:13 ----ASH---- C:\WINDOWS\system32\5A.tmp
2008-10-31 09:50:12 ----ASH---- C:\WINDOWS\system32\59.tmp
2008-10-31 08:50:12 ----ASH---- C:\WINDOWS\system32\58.tmp
2008-10-31 07:50:29 ----ASH---- C:\WINDOWS\system32\56.tmp
2008-10-31 06:50:49 ----ASH---- C:\WINDOWS\system32\55.tmp
2008-10-31 06:50:28 ----A---- C:\WINDOWS\system32\54.tmp
2008-10-31 05:50:28 ----ASH---- C:\WINDOWS\system32\53.tmp
2008-10-31 04:50:28 ----ASH---- C:\WINDOWS\system32\52.tmp
2008-10-30 22:22:07 ----ASH---- C:\WINDOWS\system32\51.tmp
2008-10-30 21:22:07 ----ASH---- C:\WINDOWS\system32\50.tmp
2008-10-30 20:58:45 ----ASH---- C:\WINDOWS\system32\4F.tmp
2008-10-30 20:22:28 ----ASH---- C:\WINDOWS\system32\4E.tmp
2008-10-30 20:22:07 ----A---- C:\WINDOWS\system32\4D.tmp
2008-10-30 19:58:45 ----ASH---- C:\WINDOWS\system32\4C.tmp
2008-10-30 19:03:25 ----ASH---- C:\WINDOWS\system32\4B.tmp
2008-10-30 18:58:45 ----ASH---- C:\WINDOWS\system32\49.tmp
2008-10-30 18:03:46 ----ASH---- C:\WINDOWS\system32\48.tmp
2008-10-30 18:03:25 ----A---- C:\WINDOWS\system32\47.tmp
2008-10-30 17:26:59 ----ASH---- C:\WINDOWS\system32\3F.tmp
2008-10-30 17:03:25 ----ASH---- C:\WINDOWS\system32\3E.tmp
2008-10-30 16:11:33 ----ASH---- C:\WINDOWS\system32\F.tmp
2008-10-30 16:03:24 ----ASH---- C:\WINDOWS\system32\3D.tmp
2008-10-30 15:03:45 ----ASH---- C:\WINDOWS\system32\3C.tmp
2008-10-30 15:03:24 ----A---- C:\WINDOWS\system32\3B.tmp
2008-10-30 14:03:24 ----ASH---- C:\WINDOWS\system32\17.tmp
2008-10-30 13:03:23 ----ASH---- C:\WINDOWS\system32\16.tmp
2008-10-30 12:03:23 ----ASH---- C:\WINDOWS\system32\15.tmp
2008-10-30 11:03:23 ----ASH---- C:\WINDOWS\system32\14.tmp
2008-10-30 10:03:22 ----ASH---- C:\WINDOWS\system32\13.tmp
2008-10-30 09:03:43 ----ASH---- C:\WINDOWS\system32\12.tmp
2008-10-30 09:03:22 ----A---- C:\WINDOWS\system32\11.tmp
2008-10-30 08:03:22 ----ASH---- C:\WINDOWS\system32\10.tmp
2008-10-30 06:15:10 ----ASH---- C:\WINDOWS\system32\3.tmp
2008-10-29 17:31:30 ----ASH---- C:\WINDOWS\system32\3A.tmp
2008-10-29 17:12:32 ----ASH---- C:\WINDOWS\system32\24.tmp
2008-10-29 16:12:31 ----ASH---- C:\WINDOWS\system32\23.tmp
2008-10-29 15:12:09 ----ASH---- C:\WINDOWS\system32\21.tmp
2008-10-29 15:11:48 ----A---- C:\WINDOWS\system32\1F.tmp
2008-10-29 14:11:48 ----ASH---- C:\WINDOWS\system32\1E.tmp
2008-10-29 13:11:47 ----ASH---- C:\WINDOWS\system32\1D.tmp
2008-10-29 12:11:47 ----ASH---- C:\WINDOWS\system32\1B.tmp
2008-10-29 11:11:47 ----ASH---- C:\WINDOWS\system32\1A.tmp
2008-10-29 10:11:47 ----ASH---- C:\WINDOWS\system32\19.tmp
2008-10-29 09:11:47 ----ASH---- C:\WINDOWS\system32\18.tmp
2008-10-28 21:08:12 ----ASH---- C:\WINDOWS\system32\22.tmp
2008-10-28 15:21:57 ----ASH---- C:\WINDOWS\system32\A1.tmp
2008-10-28 14:21:56 ----ASH---- C:\WINDOWS\system32\A0.tmp
2008-10-28 13:21:56 ----ASH---- C:\WINDOWS\system32\9F.tmp
2008-10-28 12:27:01 ----ASH---- C:\WINDOWS\system32\D.tmp
2008-10-28 12:22:29 ----ASH---- C:\WINDOWS\system32\9D.tmp
2008-10-28 12:21:56 ----A---- C:\WINDOWS\system32\9C.tmp
2008-10-28 11:27:00 ----ASH---- C:\WINDOWS\system32\C.tmp
2008-10-28 11:21:55 ----ASH---- C:\WINDOWS\system32\9B.tmp
2008-10-28 10:21:55 ----ASH---- C:\WINDOWS\system32\9A.tmp
2008-10-28 09:21:55 ----ASH---- C:\WINDOWS\system32\99.tmp
2008-10-28 08:21:54 ----ASH---- C:\WINDOWS\system32\92.tmp
2008-10-28 07:21:54 ----ASH---- C:\WINDOWS\system32\91.tmp
2008-10-28 06:17:24 ----ASH---- C:\WINDOWS\system32\20.tmp
2008-10-28 05:17:24 ----ASH---- C:\WINDOWS\system32\1C.tmp
2008-10-27 15:27:19 ----ASH---- C:\WINDOWS\system32\1A5.tmp
2008-10-27 14:27:18 ----ASH---- C:\WINDOWS\system32\1A4.tmp
2008-10-27 13:27:18 ----ASH---- C:\WINDOWS\system32\1A3.tmp
2008-10-27 12:27:18 ----ASH---- C:\WINDOWS\system32\1A2.tmp
2008-10-27 11:27:17 ----ASH---- C:\WINDOWS\system32\194.tmp
2008-10-27 10:27:17 ----ASH---- C:\WINDOWS\system32\193.tmp
2008-10-27 09:27:17 ----ASH---- C:\WINDOWS\system32\192.tmp
2008-10-27 08:27:17 ----ASH---- C:\WINDOWS\system32\191.tmp
2008-10-27 07:27:16 ----ASH---- C:\WINDOWS\system32\183.tmp
2008-10-25 16:52:35 ----D---- C:\Program Files\Apple Software Update
2008-10-25 16:50:52 ----D---- C:\Program Files\iPod
2008-10-25 16:50:45 ----D---- C:\Program Files\iTunes
2008-10-25 16:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 16:44:46 ----SHD---- C:\Config.Msi
2008-10-25 16:32:29 ----ASH---- C:\WINDOWS\system32\68.tmp
2008-10-25 16:21:47 ----ASH---- C:\WINDOWS\system32\4A.tmp
2008-10-25 15:21:46 ----ASH---- C:\WINDOWS\system32\45.tmp
2008-10-25 14:21:41 ----ASH---- C:\WINDOWS\system32\43.tmp
2008-10-25 10:53:59 ----ASH---- C:\WINDOWS\system32\42.tmp
2008-10-25 09:53:59 ----ASH---- C:\WINDOWS\system32\41.tmp
2008-10-25 08:53:59 ----ASH---- C:\WINDOWS\system32\40.tmp
2008-10-25 07:21:29 ----ASH---- C:\WINDOWS\system32\39.tmp
2008-10-25 06:21:28 ----ASH---- C:\WINDOWS\system32\38.tmp
2008-10-25 05:21:28 ----ASH---- C:\WINDOWS\system32\37.tmp
2008-10-25 04:21:28 ----ASH---- C:\WINDOWS\system32\36.tmp
2008-10-25 03:21:28 ----ASH---- C:\WINDOWS\system32\35.tmp
2008-10-25 02:21:27 ----ASH---- C:\WINDOWS\system32\34.tmp
2008-10-25 01:21:27 ----ASH---- C:\WINDOWS\system32\33.tmp
2008-10-25 00:21:27 ----ASH---- C:\WINDOWS\system32\2A.tmp
2008-10-24 23:21:26 ----ASH---- C:\WINDOWS\system32\29.tmp
2008-10-24 22:21:26 ----ASH---- C:\WINDOWS\system32\28.tmp
2008-10-24 21:21:25 ----ASH---- C:\WINDOWS\system32\27.tmp
2008-10-24 20:21:25 ----ASH---- C:\WINDOWS\system32\26.tmp
2008-10-24 19:21:25 ----ASH---- C:\WINDOWS\system32\25.tmp
2008-10-24 15:29:01 ----ASH---- C:\WINDOWS\system32\32.tmp
2008-10-24 14:29:01 ----ASH---- C:\WINDOWS\system32\31.tmp
2008-10-24 13:29:01 ----ASH---- C:\WINDOWS\system32\30.tmp
2008-10-24 10:34:29 ----ASH---- C:\WINDOWS\system32\2D.tmp
2008-10-24 10:24:10 ----ASH---- C:\WINDOWS\system32\2F.tmp
2008-10-24 09:34:29 ----ASH---- C:\WINDOWS\system32\2C.tmp
2008-10-24 09:24:09 ----ASH---- C:\WINDOWS\system32\2E.tmp
2008-10-24 08:34:28 ----ASH---- C:\WINDOWS\system32\2B.tmp
2008-10-24 08:24:04 ----ASH---- C:\WINDOWS\system32\1.tmp
2008-10-24 02:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 00:55:08 ----ASH---- C:\WINDOWS\system32\7E8.tmp
2008-10-23 23:04:55 ----ASH---- C:\WINDOWS\system32\7E7.tmp
2008-10-23 22:04:55 ----ASH---- C:\WINDOWS\system32\7E6.tmp
2008-10-23 21:04:55 ----ASH---- C:\WINDOWS\system32\7E5.tmp
2008-10-23 19:52:52 ----ASH---- C:\WINDOWS\system32\7DD.tmp
2008-10-23 18:52:51 ----ASH---- C:\WINDOWS\system32\46.tmp
2008-10-23 18:00:22 ----A---- C:\WINDOWS\GnuHashes.ini
2008-10-23 17:52:46 ----ASH---- C:\WINDOWS\system32\44.tmp
2008-10-23 17:52:40 ----A---- C:\WINDOWS\system32\HSFCI00832.dll
2008-10-16 02:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-28 19:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-28 07:59:15 ----D---- C:\WINDOWS\Prefetch
2008-09-28 07:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 07:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 07:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 07:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 07:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 07:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-28 07:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 07:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 07:36:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 07:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 07:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 07:32:24 ----D---- C:\WINDOWS\system32\scripting
2008-09-28 07:32:24 ----D---- C:\WINDOWS\l2schemas
2008-09-28 07:32:23 ----D---- C:\WINDOWS\system32\en
2008-09-28 07:32:23 ----D---- C:\WINDOWS\system32\bits
2008-09-28 07:29:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-28 07:22:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-17 16:45:47 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-17 16:45:45 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-17 16:45:44 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-17 16:45:44 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-17 16:45:36 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-17 16:45:36 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-17 16:45:30 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-17 16:45:29 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-17 16:45:28 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-17 16:45:28 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-17 16:45:28 ----N---- C:\WINDOWS\slrundll.exe
2008-09-17 16:45:27 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-17 16:45:27 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-17 16:45:27 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-17 16:45:24 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-17 16:45:22 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-17 16:45:21 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-17 16:45:20 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-17 16:45:19 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-17 16:45:18 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-17 16:45:18 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-17 16:45:18 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-17 16:45:16 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-17 16:45:14 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-17 16:45:12 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-17 16:45:07 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-17 16:45:07 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-17 16:45:06 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-17 16:45:06 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-17 16:45:05 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-17 16:45:05 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-17 16:45:04 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-17 16:45:04 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-17 16:44:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-17 16:44:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-17 16:44:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-17 16:44:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-17 16:44:32 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-17 16:44:31 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-17 16:44:28 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-17 16:44:28 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-17 16:44:28 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-17 16:44:28 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-17 16:44:17 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-17 16:44:16 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-17 16:44:13 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-17 16:44:09 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-17 16:44:04 ----A---- C:\WINDOWS\003116_.tmp
2008-09-17 16:44:03 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-17 16:44:02 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-17 16:44:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-17 16:44:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-17 16:43:59 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-17 16:43:57 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-17 16:43:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-17 16:43:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-17 16:43:54 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-17 16:43:48 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-17 16:43:48 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-17 16:43:45 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-17 16:43:45 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-17 16:43:45 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-17 16:43:44 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-17 16:43:44 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-17 16:43:44 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-17 16:43:44 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-17 16:43:36 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-11 02:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-11 02:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 18:19:28 ----D---- C:\Documents and Settings\Doug\Application Data\Apple Computer
2008-09-08 17:31:17 ----D---- C:\Program Files\QuickTime
2008-09-08 17:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-08 17:29:41 ----D---- C:\Program Files\Common Files\Apple
2008-09-08 17:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 3 months======

2008-11-14 18:30:26 ----D---- C:\quarantine
2008-11-14 18:21:43 ----D---- C:\WINDOWS\system32
2008-11-14 17:08:07 ----D---- C:\Program Files\Mozilla Firefox
2008-11-14 17:03:46 ----D---- C:\WINDOWS\Temp
2008-11-13 18:13:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-13 17:38:47 ----RD---- C:\Program Files
2008-11-13 17:10:00 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 16:34:07 ----D---- C:\WINDOWS
2008-11-13 03:05:32 ----HD---- C:\WINDOWS\inf
2008-11-13 03:05:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 03:05:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:05:05 ----SHD---- C:\WINDOWS\Installer
2008-11-13 03:04:36 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 03:01:48 ----D---- C:\WINDOWS\WinSxS
2008-11-12 14:56:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-04 19:48:07 ----D---- C:\WINDOWS\Help
2008-11-03 20:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 18:19:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-02 18:11:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-26 13:23:37 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-25 17:20:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-25 17:15:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 16:52:42 ----SD---- C:\WINDOWS\Tasks
2008-10-25 16:51:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:03:27 ----D---- C:\WINDOWS\system32\wbem
2008-10-16 02:06:09 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:05:57 ----D---- C:\WINDOWS\ie7updates
2008-10-16 02:05:17 ----A---- C:\WINDOWS\win.ini
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 21:14:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-28 08:00:04 ----A---- C:\WINDOWS\setuplog.txt
2008-09-28 07:58:43 ----D---- C:\WINDOWS\system32\Setup
2008-09-28 07:58:43 ----D---- C:\WINDOWS\AppPatch
2008-09-28 07:58:42 ----RSD---- C:\WINDOWS\Fonts
2008-09-28 07:36:21 ----D---- C:\Program Files\Messenger
2008-09-28 07:35:55 ----D---- C:\WINDOWS\security
2008-09-28 07:32:41 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-28 07:32:41 ----D---- C:\WINDOWS\network diagnostic
2008-09-28 07:32:41 ----D---- C:\WINDOWS\ime
2008-09-28 07:32:25 ----D---- C:\WINDOWS\system32\usmt
2008-09-28 07:32:25 ----D---- C:\WINDOWS\system32\en-US
2008-09-28 07:32:23 ----D---- C:\WINDOWS\PeerNet
2008-09-28 07:32:22 ----D---- C:\Program Files\Movie Maker
2008-09-28 07:29:45 ----D---- C:\WINDOWS\system32\Restore
2008-09-28 07:29:44 ----D---- C:\WINDOWS\system32\npp
2008-09-28 07:29:44 ----D---- C:\WINDOWS\mui
2008-09-28 07:29:43 ----D---- C:\WINDOWS\msagent
2008-09-28 07:29:42 ----D---- C:\WINDOWS\srchasst
2008-09-28 07:29:41 ----D---- C:\Program Files\NetMeeting
2008-09-28 07:29:40 ----D---- C:\WINDOWS\system32\Com
2008-09-28 07:29:38 ----D---- C:\Program Files\Windows Media Player
2008-09-28 07:29:37 ----D---- C:\Program Files\Windows NT
2008-09-28 07:29:37 ----D---- C:\Program Files\Outlook Express
2008-09-28 07:29:34 ----D---- C:\Program Files\Common Files\System
2008-09-28 07:29:15 ----D---- C:\WINDOWS\system32\oobe
2008-09-28 07:29:13 ----D---- C:\WINDOWS\system
2008-09-28 07:25:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-28 07:22:10 ----D---- C:\WINDOWS\ehome
2008-09-24 06:36:17 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-24 06:36:16 ----RSD---- C:\WINDOWS\assembly
2008-09-17 16:23:49 ----D---- C:\WINDOWS\Debug
2008-09-08 17:29:41 ----D---- C:\Program Files\Common Files
2008-09-05 23:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-04 13:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-08-27 04:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 03:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\occache.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 03:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 03:24:29 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 03:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 04:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 04:37:59 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 01:54:51 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-08-20 10:37:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-09-22 58048]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-09-22 108256]
R3 QCMerced;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT2500;Linksys Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-22 120448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-31 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-14 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-14 18:30:30

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EPSON CX4400 Series User's Guide-->C:\Program Files\epson\guide\cx4400_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX4400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{471B83B9-29D8-41EC-9974-56BB8A457A8B}\Setup.exe" -l0x9
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.10.2-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech IM Video Companion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer 7 Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
LoPhatPhuud
We have some work to do.


First:
Delete rsit.exe and the log files it produced. We don't need them anymore.


Second:
Now for RSIT's big brother. RSIT just reports; ComboFix can remove as well.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.


Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

drfantango
ComboFix 08-11-16.02 - Doug 2008-11-16 18:56:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.238 [GMT -4:00]
Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\1.tmp
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\6.tmp
c:\windows\system32\7.tmp
c:\windows\system32\A.tmp
c:\windows\system32\B.tmp
c:\windows\system32\C.tmp
c:\windows\system32\D.tmp
c:\windows\system32\F.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-14 18:29 . 2008-11-14 18:30 <DIR> d-------- C:\rsit
2008-11-13 17:38 . 2008-11-13 17:38 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 17:10 . 2008-11-13 17:10 <DIR> d-------- c:\documents and settings\Doug\Application Data\Malwarebytes
2008-11-13 17:10 . 2008-10-22 16:28 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 17:09 . 2008-11-13 17:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 17:09 . 2008-11-13 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-13 17:09 . 2008-10-22 16:28 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 16:37 . 2008-11-13 16:41 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-11-12 17:59 . 2008-11-12 17:59 318,976 --ahs---- c:\windows\system32\77.tmp
2008-11-12 14:56 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:56 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:09 . 2008-11-11 20:09 318,976 --ahs---- c:\windows\system32\F2.tmp
2008-11-11 20:09 . 2008-11-11 20:09 318,976 --ahs---- c:\windows\system32\F0.tmp
2008-11-11 19:43 . 2008-11-11 19:43 318,976 --ahs---- c:\windows\system32\8F.tmp
2008-11-11 15:29 . 2008-11-11 15:29 318,976 --ahs---- c:\windows\system32\EC.tmp
2008-11-11 15:29 . 2008-11-11 15:29 318,976 --ahs---- c:\windows\system32\EB.tmp
2008-11-11 15:29 . 2008-11-11 15:29 318,976 --ahs---- c:\windows\system32\EA.tmp
2008-11-11 13:43 . 2008-11-11 13:43 318,976 --ahs---- c:\windows\system32\89.tmp
2008-11-11 03:43 . 2008-11-11 03:43 318,976 --ahs---- c:\windows\system32\75.tmp
2008-11-10 19:29 . 2008-11-10 19:29 318,976 --ahs---- c:\windows\system32\74.tmp
2008-11-10 19:29 . 2008-11-10 19:29 318,976 --ahs---- c:\windows\system32\72.tmp
2008-11-10 19:29 . 2008-11-10 19:29 318,976 --ahs---- c:\windows\system32\71.tmp
2008-11-10 17:43 . 2008-11-10 17:43 318,976 --ahs---- c:\windows\system32\70.tmp
2008-11-07 00:26 . 2008-11-07 00:26 318,976 --ahs---- c:\windows\system32\A9.tmp
2008-11-06 14:26 . 2008-11-06 14:26 318,976 --ahs---- c:\windows\system32\A7.tmp
2008-11-06 04:26 . 2008-11-06 04:26 318,976 --ahs---- c:\windows\system32\88.tmp
2008-11-05 18:26 . 2008-11-05 18:26 318,976 --ahs---- c:\windows\system32\87.tmp
2008-11-05 08:26 . 2008-11-05 08:26 318,976 --ahs---- c:\windows\system32\6E.tmp
2008-11-05 08:26 . 2008-11-13 18:13 135,168 --a------ c:\windows\system32\dpnmodem32.dll
2008-11-04 22:34 . 2008-11-04 22:34 0 --a------ c:\windows\system32\D89.tmp
2008-11-04 22:34 . 2008-11-04 22:34 0 --a------ c:\windows\system32\1E4B.tmp
2008-11-04 19:41 . 2008-11-04 19:41 0 --a------ c:\windows\system32\6D.tmp
2008-11-04 15:53 . 2008-11-04 15:53 0 --a------ c:\windows\system32\8E.tmp
2008-11-04 14:54 . 2008-11-04 14:54 318,976 --ahs---- c:\windows\system32\8D.tmp
2008-11-04 14:53 . 2008-11-04 14:53 0 --a------ c:\windows\system32\8C.tmp
2008-11-04 13:54 . 2008-11-04 13:54 318,976 --ahs---- c:\windows\system32\86.tmp
2008-11-04 13:52 . 2008-11-04 13:52 0 --a------ c:\windows\system32\76.tmp
2008-11-04 12:52 . 2008-11-04 12:53 318,976 --ahs---- c:\windows\system32\6C.tmp
2008-11-04 10:03 . 2008-11-04 10:03 318,976 --ahs---- c:\windows\system32\C4.tmp
2008-11-04 09:29 . 2008-11-04 09:29 318,976 --ahs---- c:\windows\system32\8B.tmp
2008-11-04 09:03 . 2008-11-04 09:03 318,976 --ahs---- c:\windows\system32\C0.tmp
2008-11-04 08:29 . 2008-11-04 08:29 318,976 --ahs---- c:\windows\system32\6B.tmp
2008-11-04 08:03 . 2008-11-04 08:03 318,976 --ahs---- c:\windows\system32\BF.tmp
2008-11-04 07:03 . 2008-11-04 07:03 318,976 --ahs---- c:\windows\system32\A6.tmp
2008-11-04 06:03 . 2008-11-04 06:03 318,976 --ahs---- c:\windows\system32\A5.tmp
2008-11-04 05:03 . 2008-11-04 05:03 318,976 --ahs---- c:\windows\system32\A4.tmp
2008-11-04 04:03 . 2008-11-04 04:03 318,976 --ahs---- c:\windows\system32\A3.tmp
2008-11-04 04:03 . 2008-11-04 04:03 0 --a------ c:\windows\system32\A2.tmp
2008-11-04 03:03 . 2008-11-04 03:03 318,976 --ahs---- c:\windows\system32\9E.tmp
2008-11-04 02:03 . 2008-11-04 02:03 318,976 --ahs---- c:\windows\system32\98.tmp
2008-11-04 01:03 . 2008-11-04 01:03 318,976 --ahs---- c:\windows\system32\97.tmp
2008-11-04 00:03 . 2008-11-04 00:03 318,976 --ahs---- c:\windows\system32\96.tmp
2008-11-03 23:24 . 2008-11-03 23:24 318,976 --ahs---- c:\windows\system32\6A.tmp
2008-11-03 23:03 . 2008-11-03 23:04 318,976 --ahs---- c:\windows\system32\95.tmp
2008-11-03 23:03 . 2008-11-03 23:03 0 --a------ c:\windows\system32\94.tmp
2008-11-03 22:03 . 2008-11-03 22:03 318,976 --ahs---- c:\windows\system32\93.tmp
2008-11-03 21:03 . 2008-11-03 21:03 318,976 --ahs---- c:\windows\system32\90.tmp
2008-11-03 19:13 . 2008-11-03 19:13 318,976 --ahs---- c:\windows\system32\85.tmp
2008-11-03 18:13 . 2008-11-03 18:13 318,976 --ahs---- c:\windows\system32\84.tmp
2008-11-03 17:12 . 2008-11-03 17:13 318,976 --ahs---- c:\windows\system32\83.tmp
2008-11-03 16:12 . 2008-11-03 16:13 318,976 --ahs---- c:\windows\system32\82.tmp
2008-11-03 15:12 . 2008-11-03 15:13 318,976 --ahs---- c:\windows\system32\81.tmp
2008-11-03 14:12 . 2008-11-03 14:13 318,976 --ahs---- c:\windows\system32\80.tmp
2008-11-03 13:12 . 2008-11-03 13:13 318,976 --ahs---- c:\windows\system32\7C.tmp
2008-11-03 12:12 . 2008-11-03 12:13 318,976 --ahs---- c:\windows\system32\7B.tmp
2008-11-03 11:12 . 2008-11-03 11:13 318,976 --ahs---- c:\windows\system32\79.tmp
2008-11-03 10:12 . 2008-11-03 10:13 318,976 --ahs---- c:\windows\system32\78.tmp
2008-11-03 09:12 . 2008-11-03 09:13 318,976 --ahs---- c:\windows\system32\73.tmp
2008-11-02 20:16 . 2008-11-02 20:16 318,976 --ahs---- c:\windows\system32\69.tmp
2008-11-02 18:15 . 2008-11-02 18:15 0 --a------ c:\windows\system32\67.tmp
2008-11-01 19:16 . 2008-11-01 19:17 318,976 --ahs---- c:\windows\system32\6F.tmp
2008-11-01 19:05 . 2008-11-01 19:05 318,976 --ahs---- c:\windows\system32\66.tmp
2008-11-01 17:37 . 2008-11-01 17:37 318,976 --ahs---- c:\windows\system32\65.tmp
2008-11-01 16:37 . 2008-11-01 16:37 318,976 --ahs---- c:\windows\system32\64.tmp
2008-11-01 15:37 . 2008-11-01 15:37 318,976 --ahs---- c:\windows\system32\60.tmp
2008-11-01 15:37 . 2008-11-01 15:37 0 --a------ c:\windows\system32\5F.tmp
2008-11-01 14:36 . 2008-11-01 14:37 318,976 --ahs---- c:\windows\system32\5E.tmp
2008-11-01 14:36 . 2008-11-01 14:36 0 --a------ c:\windows\system32\57.tmp
2008-10-31 21:51 . 2008-10-31 21:51 318,976 --ahs---- c:\windows\system32\E0.tmp
2008-10-31 21:50 . 2008-10-31 21:50 0 --a------ c:\windows\system32\DF.tmp
2008-10-31 20:50 . 2008-10-31 20:51 318,976 --ahs---- c:\windows\system32\8A.tmp
2008-10-31 19:50 . 2008-10-31 19:50 318,976 --ahs---- c:\windows\system32\7F.tmp
2008-10-31 19:07 . 2008-10-31 19:07 317,952 --ahs---- c:\windows\system32\7E.tmp
2008-10-31 19:06 . 2008-10-31 19:06 0 --a------ c:\windows\system32\7D.tmp
2008-10-31 17:34 . 2008-10-31 17:34 317,952 --ahs---- c:\windows\system32\7A.tmp
2008-10-31 16:34 . 2008-10-31 16:35 317,952 --ahs---- c:\windows\system32\63.tmp
2008-10-31 16:34 . 2008-10-31 16:34 0 --a------ c:\windows\system32\62.tmp
2008-10-31 15:34 . 2008-10-31 15:34 317,952 --ahs---- c:\windows\system32\61.tmp
2008-10-31 14:34 . 2008-10-31 14:34 317,952 --ahs---- c:\windows\system32\5D.tmp
2008-10-31 13:34 . 2008-10-31 13:34 317,952 --ahs---- c:\windows\system32\5C.tmp
2008-10-31 12:34 . 2008-10-31 12:34 317,952 --ahs---- c:\windows\system32\5B.tmp
2008-10-31 10:50 . 2008-10-31 10:50 317,952 --ahs---- c:\windows\system32\5A.tmp
2008-10-31 09:50 . 2008-10-31 09:50 317,952 --ahs---- c:\windows\system32\59.tmp
2008-10-31 08:50 . 2008-10-31 08:50 317,952 --ahs---- c:\windows\system32\58.tmp
2008-10-31 07:50 . 2008-10-31 07:50 317,952 --ahs---- c:\windows\system32\56.tmp
2008-10-31 06:50 . 2008-10-31 06:51 317,952 --ahs---- c:\windows\system32\55.tmp
2008-10-31 06:50 . 2008-10-31 06:50 0 --a------ c:\windows\system32\54.tmp
2008-10-31 05:50 . 2008-10-31 05:50 317,952 --ahs---- c:\windows\system32\53.tmp
2008-10-31 04:50 . 2008-10-31 04:50 317,952 --ahs---- c:\windows\system32\52.tmp
2008-10-30 22:22 . 2008-10-30 22:22 317,952 --ahs---- c:\windows\system32\51.tmp
2008-10-30 21:22 . 2008-10-30 21:22 317,952 --ahs---- c:\windows\system32\50.tmp
2008-10-30 20:58 . 2008-10-30 20:58 317,952 --ahs---- c:\windows\system32\4F.tmp
2008-10-30 20:22 . 2008-10-30 20:22 317,952 --ahs---- c:\windows\system32\4E.tmp
2008-10-30 20:22 . 2008-10-30 20:22 0 --a------ c:\windows\system32\4D.tmp
2008-10-30 19:58 . 2008-10-30 19:58 317,952 --ahs---- c:\windows\system32\4C.tmp
2008-10-30 19:03 . 2008-10-30 19:03 317,952 --ahs---- c:\windows\system32\4B.tmp
2008-10-30 18:58 . 2008-10-30 18:58 317,952 --ahs---- c:\windows\system32\49.tmp
2008-10-30 18:03 . 2008-10-30 18:03 317,952 --ahs---- c:\windows\system32\48.tmp
2008-10-30 18:03 . 2008-10-30 18:03 0 --a------ c:\windows\system32\47.tmp
2008-10-30 17:26 . 2008-10-30 17:27 317,952 --ahs---- c:\windows\system32\3F.tmp
2008-10-30 17:03 . 2008-10-30 17:03 317,952 --ahs---- c:\windows\system32\3E.tmp
2008-10-30 16:03 . 2008-10-30 16:03 317,952 --ahs---- c:\windows\system32\3D.tmp
2008-10-30 15:03 . 2008-10-30 15:03 317,952 --ahs---- c:\windows\system32\3C.tmp
2008-10-30 15:03 . 2008-10-30 15:03 0 --a------ c:\windows\system32\3B.tmp
2008-10-30 14:03 . 2008-10-30 14:03 317,952 --ahs---- c:\windows\system32\17.tmp
2008-10-30 13:03 . 2008-10-30 13:03 317,952 --ahs---- c:\windows\system32\16.tmp
2008-10-30 12:03 . 2008-10-30 12:03 317,952 --ahs---- c:\windows\system32\15.tmp
2008-10-30 11:03 . 2008-10-30 11:03 317,952 --ahs---- c:\windows\system32\14.tmp
2008-10-30 10:03 . 2008-10-30 10:03 317,952 --ahs---- c:\windows\system32\13.tmp
2008-10-30 09:03 . 2008-10-30 09:03 317,952 --ahs---- c:\windows\system32\12.tmp
2008-10-30 09:03 . 2008-10-30 09:03 0 --a------ c:\windows\system32\11.tmp
2008-10-30 08:03 . 2008-10-30 08:03 317,952 --ahs---- c:\windows\system32\10.tmp
2008-10-29 17:31 . 2008-10-29 17:31 317,952 --ahs---- c:\windows\system32\3A.tmp
2008-10-29 17:12 . 2008-10-29 17:12 317,952 --ahs---- c:\windows\system32\24.tmp
2008-10-29 16:12 . 2008-10-29 16:12 317,952 --ahs---- c:\windows\system32\23.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 22:46 --------- d-----w c:\documents and settings\Mitzie\Application Data\Move Networks
2008-10-25 21:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-25 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 20:48 --------- d-----w c:\program files\QuickTime
2008-10-25 20:47 --------- d-----w c:\program files\Common Files\Apple
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 18:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 18:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 18:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 18:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 18:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 18:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 18:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 18:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 18:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 18:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 20:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"EPSON Stylus CX4400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE" [2007-03-01 180736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8f97172502]
2008-11-13 18:13 135168 c:\windows\system32\dpnmodem32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dpnmodem32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\CIMSVR.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\xz51vg2s.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:58:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\dpnmodem32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\dpnmodem32.dll
.
Completion time: 2008-11-16 18:59:59
ComboFix-quarantined-files.txt 2008-11-16 22:59:56

Pre-Run: 169,412,390,912 bytes free
Post-Run: 170,750,177,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

267 --- E O F --- 2008-11-13 07:07:09

________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:54 PM, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S77.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: 8f97172502 - C:\WINDOWS\System32\dpnmodem32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 9086 bytes

Cheers.
LoPhatPhuud
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
c:\windows\system32\77.tmp
c:\windows\system32\F2.tmp
c:\windows\system32\F0.tmp
c:\windows\system32\8F.tmp
c:\windows\system32\EC.tmp
c:\windows\system32\EB.tmp
c:\windows\system32\EA.tmp
c:\windows\system32\89.tmp
c:\windows\system32\75.tmp
c:\windows\system32\74.tmp
c:\windows\system32\72.tmp
c:\windows\system32\71.tmp
c:\windows\system32\70.tmp
c:\windows\system32\A9.tmp
c:\windows\system32\A7.tmp
c:\windows\system32\88.tmp
c:\windows\system32\87.tmp
c:\windows\system32\6E.tmp
c:\windows\system32\D89.tmp
c:\windows\system32\1E4B.tmp
c:\windows\system32\6D.tmp
c:\windows\system32\8E.tmp
c:\windows\system32\8D.tmp
c:\windows\system32\8C.tmp
c:\windows\system32\86.tmp
c:\windows\system32\76.tmp
c:\windows\system32\6C.tmp
c:\windows\system32\C4.tmp
c:\windows\system32\8B.tmp
c:\windows\system32\C0.tmp
c:\windows\system32\6B.tmp
c:\windows\system32\BF.tmp
c:\windows\system32\A6.tmp
c:\windows\system32\A5.tmp
c:\windows\system32\A4.tmp
c:\windows\system32\A3.tmp
c:\windows\system32\A2.tmp
c:\windows\system32\9E.tmp
c:\windows\system32\98.tmp
c:\windows\system32\97.tmp
c:\windows\system32\96.tmp
c:\windows\system32\6A.tmp
c:\windows\system32\95.tmp
c:\windows\system32\94.tmp
c:\windows\system32\93.tmp
c:\windows\system32\90.tmp
c:\windows\system32\85.tmp
c:\windows\system32\84.tmp
c:\windows\system32\83.tmp
c:\windows\system32\82.tmp
c:\windows\system32\81.tmp
c:\windows\system32\80.tmp
c:\windows\system32\7C.tmp
c:\windows\system32\7B.tmp
c:\windows\system32\79.tmp
c:\windows\system32\78.tmp
c:\windows\system32\73.tmp
c:\windows\system32\69.tmp
c:\windows\system32\67.tmp
c:\windows\system32\6F.tmp
c:\windows\system32\66.tmp
c:\windows\system32\65.tmp
c:\windows\system32\64.tmp
c:\windows\system32\60.tmp
c:\windows\system32\5F.tmp
c:\windows\system32\5E.tmp
c:\windows\system32\57.tmp
c:\windows\system32\E0.tmp
c:\windows\system32\DF.tmp
c:\windows\system32\8A.tmp
c:\windows\system32\7F.tmp
c:\windows\system32\7E.tmp
c:\windows\system32\7D.tmp
c:\windows\system32\7A.tmp
c:\windows\system32\63.tmp
c:\windows\system32\62.tmp
c:\windows\system32\61.tmp
c:\windows\system32\5D.tmp
c:\windows\system32\5C.tmp
c:\windows\system32\5B.tmp
c:\windows\system32\5A.tmp
c:\windows\system32\59.tmp
c:\windows\system32\58.tmp
c:\windows\system32\56.tmp
c:\windows\system32\55.tmp
c:\windows\system32\54.tmp
c:\windows\system32\53.tmp
c:\windows\system32\52.tmp
c:\windows\system32\51.tmp
c:\windows\system32\50.tmp
c:\windows\system32\4F.tmp
c:\windows\system32\4E.tmp
c:\windows\system32\4D.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\4B.tmp
c:\windows\system32\49.tmp
c:\windows\system32\48.tmp
c:\windows\system32\47.tmp
c:\windows\system32\3F.tmp
c:\windows\system32\3E.tmp
c:\windows\system32\3D.tmp
c:\windows\system32\3C.tmp
c:\windows\system32\3B.tmp
c:\windows\system32\17.tmp
c:\windows\system32\16.tmp
c:\windows\system32\15.tmp
c:\windows\system32\14.tmp
c:\windows\system32\13.tmp
c:\windows\system32\12.tmp
c:\windows\system32\11.tmp
c:\windows\system32\10.tmp
c:\windows\system32\3A.tmp
c:\windows\system32\24.tmp
c:\windows\system32\23.tmp
c:\windows\system32\dpnmodem32.dll

Folder::
C:\

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8f97172502]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
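An added example to go with the fix above (it is not code from the post, from ComboFix or from HijackThis): a small triage script that pulls the two O20 persistence points the logs show (the AppInit_DLLs value and the Winlogon\Notify subkey) out of a HijackThis log, cross-checks the DLL against ComboFix's "DLLs Loaded Under Running Processes" section, and drafts the File:: / Registry:: lines in the same layout the CFScript uses. The log snippets inside it are constructed from entries in this thread plus one made-up benign Notify entry (ExampleVendor / examplenotify.dll); the "random-looking hex subkey name" heuristic is this example's own assumption, not a rule either tool applies.

```python
"""Triage the O20 persistence points from the thread (AppInit_DLLs and
Winlogon\\Notify), cross-check them against ComboFix's "DLLs Loaded Under
Running Processes" section, and draft the matching CFScript lines.

Added example: not code from the forum post, ComboFix or HijackThis. The log
snippets below are constructed from entries shown in the thread plus one
made-up benign Notify entry; the hex-subkey-name heuristic is an assumption
of this example.
"""
import re

# Constructed sample in HijackThis format (the ExampleVendor line is made up).
SAMPLE_HJT_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\dpnmodem32.dll
O20 - Winlogon Notify: 8f97172502 - C:\\WINDOWS\\System32\\dpnmodem32.dll
O20 - Winlogon Notify: ExampleVendor - C:\\WINDOWS\\system32\\examplenotify.dll
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\\Program Files\\Network Associates\\VirusScan\\Mcshield.exe
"""

# Constructed sample in ComboFix's "DLLs Loaded Under Running Processes" layout.
SAMPLE_LOADED_DLLS = """\
PROCESS: c:\\windows\\system32\\winlogon.exe
-> c:\\windows\\System32\\dpnmodem32.dll

PROCESS: c:\\windows\\system32\\lsass.exe
-> c:\\windows\\System32\\dpnmodem32.dll
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.+?)\s*$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<dll>.+?)\s*$")
# Assumption of this example: a Notify subkey that is just a run of hex digits
# (like 8f97172502) deserves a look; vendor entries normally carry a readable name.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"


def parse_o20(log_text):
    """Pull AppInit_DLLs paths and (subkey, dll) Winlogon Notify pairs out of an HJT log."""
    appinit, notify = [], []
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line)
        if m:
            # Windows tokenises the AppInit_DLLs value on spaces and commas; do the same.
            appinit.extend(p for p in re.split(r"[,\s]+", m.group("dlls")) if p)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify.append((m.group("name"), m.group("dll")))
    return {"appinit": appinit, "notify": notify}


def parse_loaded_dlls(text):
    """Map each loaded DLL (lower-cased path) to the processes ComboFix saw it in."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("PROCESS: "):
            current = line[len("PROCESS: "):].strip()
        elif line.startswith("-> ") and current:
            hosts.setdefault(line[3:].strip().lower(), []).append(current)
    return hosts


def triage(parsed, loaded):
    """Return (kind, subkey, dll, reason) tuples for the entries a responder should act on."""
    findings = []
    appinit_lower = {d.lower() for d in parsed["appinit"]}
    for dll in parsed["appinit"]:
        # A populated AppInit_DLLs value is the finding by itself: it is mapped into every
        # process that loads user32.dll, which is why the DLL turns up inside winlogon/lsass.
        reasons = ["AppInit_DLLs populated"]
        if dll.lower() in loaded:
            reasons.append("loaded in " + ", ".join(loaded[dll.lower()]))
        findings.append(("AppInit_DLLs", None, dll, "; ".join(reasons)))
    for name, dll in parsed["notify"]:
        reasons = []
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking subkey name")
        if dll.lower() in appinit_lower:
            reasons.append("same DLL also in AppInit_DLLs")
        if reasons:
            findings.append(("Winlogon Notify", name, dll, "; ".join(reasons)))
    return findings


def build_cfscript(findings):
    """Draft File:: and Registry:: sections in the layout the reply uses:
    [-key] deletes the Notify subkey, and AppInit_DLLs is cleared rather than deleted."""
    files, reg, clear_appinit = [], [], False
    for kind, name, dll, _ in findings:
        if dll not in files:
            files.append(dll)
        if kind == "Winlogon Notify":
            reg.append(f"[-{NOTIFY_KEY}\\{name}]")
        else:
            clear_appinit = True
    if clear_appinit:
        reg += [f"[{WINDOWS_KEY}]", '"AppInit_DLLs"=""']
    return "\n".join(["KillAll::", "", "File::", *files, "", "Registry::", *reg]) + "\n"


if __name__ == "__main__":
    found = triage(parse_o20(SAMPLE_HJT_LOG), parse_loaded_dlls(SAMPLE_LOADED_DLLS))
    for kind, name, dll, reason in found:
        print(f"{kind:16} {name or '-':12} {dll}  [{reason}]")
    print(build_cfscript(found))
```

The cross-check against the loaded-DLL list is the part worth keeping: a DLL that is mapped into winlogon.exe and lsass.exe is in use for the whole session and cannot simply be deleted from a running desktop, which is why the on-access scanner could only report it as uncleanable and why the removal has to be handed to a tool that does its work before those processes are up. Clearing AppInit_DLLs and deleting the Notify subkey at the same time matters too; leaving either one in place would reload the file on the next logon.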