TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Dale on July 17, 2009, 10:30:14 AM
-
When I first saw this pc (my step daughters), I for sure thought it had a virus the way it was running and with all the pop ups that came up while trying to surf the internet.
So I got her to let me take it home and work on it.
I've spent some time disabling programs that started when windows did and I've applied all the latest MS updates, and now I'm not so sure. It actually seems to be running okay now.
I did uninstall her copy of Zone Alarm as it seemed to not be working all that well, so she may have no antivirus at all now, but that's fixable.
Would you please look over the hijack this log and let me know what I should do, as well as recommend av software (I saw both AVG and Avast were recommended but I don't know the pros and cons of either).
Thank you very much,
Dale
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:18 AM, on 7/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe
--
End of file - 6208 bytes
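For anyone who wants to triage a HijackThis log like the one above without reading it line by line, here is a small added Python helper. It is not part of this thread and not a Trend Micro tool. It parses the Rn/On entry lines, counts them per section, and flags the two things a helper normally looks at first: entries whose target reads "(file missing)" or "(no file)", which are registry references left orphaned by an uninstall or a partial cleanup, and entries that point into the MyWebSearch, MyWaySA, FunWebProducts or ShoppingReport directories, the adware families named later in this thread. It also diffs two logs so you can see what a cleanup actually changed. The sample log text is constructed from lines modelled on the first two logs in the thread, and the directory watch list is this example's own assumption, not anything HijackThis outputs.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example, not a Trend Micro tool)."""
import re
from collections import defaultdict

# HijackThis entry lines look like "O2 - BHO: name - {CLSID} - path (file missing)";
# process lists, headers and "End of file" lines do not start with Rn/On and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Markers HijackThis prints when the referenced DLL/EXE is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")

# Assumed watch list: directory names of the adware families this thread's MBAM
# report later removed. Extend it for your own triage; it is not from HijackThis.
ADWARE_DIRS = ("mywebsearch", "mywaysa", "funwebproducts", "shoppingreport")


def parse_hjt(text):
    """Return one dict per entry line: section, body text, and two review flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        lower = body.lower()
        entries.append({
            "section": m.group("section"),
            "body": body,
            "missing": any(mk in lower for mk in MISSING_MARKERS),
            "adware": any(d in lower for d in ADWARE_DIRS),
        })
    return entries


def summarize(entries):
    """Count entries per section and collect those flagged for review."""
    per_section = defaultdict(int)
    flagged = []
    for e in entries:
        per_section[e["section"]] += 1
        if e["missing"] or e["adware"]:
            flagged.append(e)
    return dict(per_section), flagged


def diff_logs(before, after):
    """Entry bodies removed and added between two scans of the same machine."""
    b = {e["body"] for e in parse_hjt(before)}
    a = {e["body"] for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


# Constructed sample: a handful of lines modelled on the first log in this thread.
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe
End of file - 6208 bytes
"""

# Constructed sample: the same machine after the second scan (AVG installed, adware paths gone).
SAMPLE_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
"""


def main():
    per_section, flagged = summarize(parse_hjt(SAMPLE_BEFORE))
    print("entries per section:", per_section)
    for e in flagged:
        print("REVIEW", e["section"], "-", e["body"])
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("removed since last scan:", len(removed), "| added:", len(added))


if __name__ == "__main__":
    main()
```

To use it on a real log, read the saved HijackThis text into a string and pass it to parse_hjt and summarize. A "(file missing)" flag on its own is not proof of anything bad: the Trend Micro and MUSICMATCH O9 buttons in the log above carry it simply because their target is a URL, so treat the flagged list as items to review, not as a delete list.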
-
I didn't wait for an analysis on the last log file. I went ahead and did more cleaning and installed AVG. Things look good to me.
What do you think:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:34 PM, on 7/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
--
End of file - 7649 bytes
-
Hi again Dale, can you do the following please
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.
Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Save the installer to desktop
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
With that log from MBAM
Come back here, post a fresh HijackThis log
Let me know how things are running
-
[quote name='guestolo' post='464157' date='Jul 19 2009, 10:22 AM']Hi again Dale, can you do the following please
[...]
Let me know how things are running[/quote]
Ran MBAM and HijackThis. Logs posted below. I think things are fine, but I don't use this system. Mostly I'm just trying to get it running good again.
Thanks for your help Guestolo.
Dale
Malwarebytes' Anti-Malware 1.39
Database version: 2464
Windows 5.1.2600 Service Pack 3
7/19/2009 7:50:45 PM
mbam-log-2009-07-19 (19-50-45).txt
Scan type: Quick Scan
Objects scanned: 105356
Time elapsed: 8 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 23
Files Infected: 55
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2eb613b4-e877-437d-9356-ed824801e872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{62566a4d-ae41-44d2-b1b1-bc210bd35dcb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\oggview32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oggview32.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\SrchAstt\c.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\SYSTEM32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Nanette\Desktop\MyFunCardsSetup2.1.50.3-3.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL.vzr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D4386 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D476E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D4991.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D4F7C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D5335.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\002D547E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\0417DDE8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\0417F74C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\04183E09.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\06C49293.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:47 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
--
End of file - 7114 bytes
-
One last set of logs please
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double click on RSIT.exe and choose to Run it
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Post both those logs please
NOTE: If you get an error trying to post log.txt
Upload it in a reply, on the bottom right hand side of a reply box
Click the Browse...
Navigate to the file and select it, then click the UPLOAD button
-
[quote name='guestolo' post='464168' date='Jul 19 2009, 08:14 PM']One last set of logs please
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double click on RSIT.exe and choose to Run it
- Click Continue at the disclaimer screen.
- Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
- Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.
Post both those logs please
NOTE: If you get an error trying to post log.txt
Upload it in a reply, on the bottom right hand side of a reply box
Click the Browse...
Navigate to the file and select it, then click the UPLOAD button[/quote]
Here they are. I appreciate you looking at this stuff on a Sunday night.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nanette at 2009-07-19 20:27:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (43%) free of 73 GB
Total RAM: 510 MB (8% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:37 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nanette\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nanette.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
--
End of file - 7123 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-18 1948440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe [2005-11-15 179784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-05 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboo]
C:\WINDOWS\Temp\RECOVE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe [2004-09-28 32881]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Media Server.lnk]
C:\PROGRA~1\NETGEAR\MEDIAS~1\MEDIAS~1.EXE -systray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2006-05-04 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Resume Picaboo Installation.lnk]
C:\PROGRA~1\Picaboo\PICABO~1\PICABO~1.EXE [2006-07-13 316992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"CCALib8"=2
"WMPNetworkSvc"=3
"NetSvc"=3
"DSBrokerService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe
Logitech Harmony Remote Software 7.lnk - C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\NETGEAR\Media Server\MediaServer.exe"="C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Disabled:Digital 5 Streaming Media Application"
"C:\Program Files\Mode11\CallDir.exe"="C:\Program Files\Mode11\CallDir.exe:*:Disabled:CallDir"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-07-19 20:27:16 ----D---- C:\rsit
2009-07-19 19:26:58 ----D---- C:\Documents and Settings\Nanette\Application Data\Malwarebytes
2009-07-19 19:26:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 16:19:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-18 16:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-18 16:17:19 ----D---- C:\Program Files\NOS
2009-07-18 13:22:01 ----HD---- C:\$AVG8.VAULT$
2009-07-18 13:00:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-18 12:59:58 ----D---- C:\Program Files\SpywareBlaster
2009-07-18 12:53:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-18 12:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-18 12:52:29 ----D---- C:\Program Files\AVG
2009-07-18 12:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-17 10:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-17 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 10:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-17 10:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 09:53:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-17 09:53:01 ----D---- C:\Program Files\MSBuild
2009-07-17 09:52:50 ----D---- C:\Program Files\Reference Assemblies
2009-07-17 09:52:08 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-17 09:52:06 ----D---- C:\4f2cacaadf4e32756a1446f8aae74558
2009-07-17 09:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 09:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 09:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 09:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 09:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 09:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 09:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 09:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 09:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 09:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 09:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 09:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 09:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 09:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 09:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 09:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-17 09:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 09:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 09:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 09:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 09:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 09:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 09:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 09:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 09:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-17 09:27:35 ----D---- C:\WINDOWS\Prefetch
2009-07-17 09:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-17 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 09:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 09:20:47 ----D---- C:\WINDOWS\system32\scripting
2009-07-17 09:20:46 ----D---- C:\WINDOWS\system32\en
2009-07-17 09:20:46 ----D---- C:\WINDOWS\l2schemas
2009-07-17 09:20:45 ----D---- C:\WINDOWS\system32\bits
2009-07-17 09:18:35 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-17 09:12:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-17 09:12:01 ----D---- C:\WINDOWS\EHome
2009-07-17 09:07:54 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-17 09:07:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-17 09:07:50 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-17 09:07:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-17 09:07:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-17 09:07:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\slrundll.exe
2009-07-17 09:07:29 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-17 09:07:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-17 09:07:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-17 09:07:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-17 09:07:18 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-17 09:07:07 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-17 09:06:49 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-17 09:06:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-17 09:06:20 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-17 09:06:20 ----A---- C:\WINDOWS\002728_.tmp
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-17 09:06:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-17 09:06:08 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-17 09:06:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-17 09:06:02 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-17 09:05:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-17 08:25:04 ----D---- C:\Program Files\CCleaner
2009-07-17 08:17:25 ----N---- C:\WINDOWS\system32\xpsp4res.dll
======List of files/folders modified in the last 1 months======
2009-07-19 19:57:27 ----D---- C:\Program Files\Mozilla Firefox
2009-07-19 19:55:38 ----D---- C:\WINDOWS\Temp
2009-07-19 19:55:10 ----D---- C:\WINDOWS
2009-07-19 19:53:06 ----D---- C:\WINDOWS\system32\DRIVERS
2009-07-19 19:52:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 19:50:45 ----RD---- C:\Program Files
2009-07-19 19:50:42 ----D---- C:\WINDOWS\SYSTEM32
2009-07-19 19:12:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 16:22:20 ----SHD---- C:\WINDOWS\Installer
2009-07-18 16:22:19 ----D---- C:\Program Files\Adobe
2009-07-18 16:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-18 16:21:26 ----D---- C:\Program Files\Common Files\Adobe
2009-07-18 16:19:22 ----D---- C:\Documents and Settings\Nanette\Application Data\Adobe
2009-07-18 16:19:14 ----D---- C:\Program Files\Common Files
2009-07-18 16:17:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 16:09:58 ----D---- C:\Program Files\BroadJump
2009-07-18 14:45:27 ----D---- C:\Program Files\Zumie
2009-07-18 12:52:15 ----D---- C:\WINDOWS\WinSxS
2009-07-18 12:52:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-18 12:51:28 ----SD---- C:\Documents and Settings\Nanette\Application Data\Microsoft
2009-07-17 10:48:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 10:48:18 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-07-17 10:20:31 ----D---- C:\Program Files\Trend Micro
2009-07-17 10:18:51 ----D---- C:\WINDOWS\Debug
2009-07-17 10:15:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 10:15:19 ----HD---- C:\WINDOWS\INF
2009-07-17 10:14:45 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-07-17 10:10:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 10:05:30 ----D---- C:\WINDOWS\system32\WBEM
2009-07-17 10:05:30 ----D---- C:\WINDOWS\AppPatch
2009-07-17 10:05:30 ----D---- C:\Program Files\Internet Explorer
2009-07-17 10:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-17 09:52:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 09:52:56 ----RSD---- C:\WINDOWS\Fonts
2009-07-17 09:52:26 ----D---- C:\WINDOWS\system32\SPOOL
2009-07-17 09:45:26 ----D---- C:\WINDOWS\ie7updates
2009-07-17 09:41:31 ----D---- C:\Program Files\Messenger
2009-07-17 09:27:06 ----D---- C:\WINDOWS\system32\Setup
2009-07-17 09:24:56 ----D---- C:\WINDOWS\SECURITY
2009-07-17 09:21:05 ----D---- C:\WINDOWS\network diagnostic
2009-07-17 09:21:05 ----D---- C:\WINDOWS\IME
2009-07-17 09:21:05 ----D---- C:\WINDOWS\Help
2009-07-17 09:20:48 ----D---- C:\WINDOWS\system32\USMT
2009-07-17 09:20:45 ----D---- C:\WINDOWS\PeerNet
2009-07-17 09:20:45 ----D---- C:\Program Files\Movie Maker
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\NPP
2009-07-17 09:18:29 ----D---- C:\WINDOWS\MSAGENT
2009-07-17 09:18:27 ----D---- C:\WINDOWS\SRCHASST
2009-07-17 09:18:26 ----D---- C:\Program Files\NetMeeting
2009-07-17 09:18:24 ----D---- C:\WINDOWS\system32\Com
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows NT
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows Media Player
2009-07-17 09:18:21 ----D---- C:\Program Files\Outlook Express
2009-07-17 09:18:19 ----D---- C:\Program Files\Common Files\System
2009-07-17 09:18:04 ----D---- C:\WINDOWS\system32\OOBE
2009-07-17 09:18:01 ----D---- C:\WINDOWS\SYSTEM
2009-07-17 09:15:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-17 08:46:25 ----D---- C:\WINDOWS\Internet Logs
2009-07-17 08:46:24 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-17 08:43:32 ----D---- C:\Program Files\Yahoo!
2009-07-16 07:57:02 ----D---- C:\Program Files\GE Security Supra
2009-07-15 10:51:42 ----D---- C:\Program Files\ZipForm Desktop
2009-07-12 22:30:57 ----D---- C:\Documents and Settings\Nanette\Application Data\ZoomBrowser EX
2009-07-12 22:29:51 ----D---- C:\Documents and Settings\Nanette\Application Data\CameraWindowDC
2009-07-08 15:37:57 ----A---- C:\WINDOWS\WIN.INI
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-18 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-05 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-18 8413]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 slabbus;DisplayKEY USB Cradle driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-09-07 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-09-07 89808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DkeySync;DkeySync; c:\program files\ge security supra\syncservice.exe [2006-09-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Zumie Search Service;Zumie Search Service; C:\Program Files\Zumie\zumie.exe C:\Program Files\Zumie\zumie.dll Service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-09 138680]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-19 20:27:41
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
Ariel's Story Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B53B4D8E-08ED-41B0-8937-71F74DB7A8E9}\setup.exe" -l0x9 Ariel's Story Studio
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Digital Camera Solution Disk 40-46 Software Starter Guide-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\SoftwareStarterGuide-DCSD40_46\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Personal Printing Guide-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\Personal Printing Guide\Uninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Champions Texas Test Prep-->MsiExec.exe /I{C23EB325-2BA9-40CF-BE59-4F1780D9066F}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CP210x USB to UART Bridge Controller-->C:\WINDOWS\system32\ducunin2k.exe C:\WINDOWS\system32\ducunin.u2k
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DGOControls-->C:\Program Files\InstallShield Installation Information\{779A19AC-A302-425D-B295-F12116C2D731}\setup.exe -runfromtemp -l0x0009 -removeonly
Disney Pix 2.2-->MsiExec.exe /X{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}
DisplayKEY USB Cradle version 0.7.2.1-->"C:\Program Files\GE Security Supra\unins000.exe"
Dora Backpack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9 -uninst
DVD Photo Slideshow Pro 7.50-->C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
Freddi Fish The Case of the Haunted Schoolhouse-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\FreddiCHSH\Uninst.isu" -c"C:\Program Files\Infogrames Interactive\FreddiCHSH\Uninst.dll
Freeze Clip Art-->"C:\PROGRA~1\Freeze.com\Freeze Clip Art\UNINSTAL.EXE"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver-->MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
hp officejet 6100 series-->rundll32 hpzcon07.dll,VendorJettison hp officejet 6100 series
HP PrecisionScan LT Software-->C:\SCANJET\PrecisionScanLT\uninstal.exe C:\SCANJET\PrecisionScanLT\uninstal.cfg
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
JumpStart Advanced Kindergarten-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UNKinder2002.exe
JumpStart Advanced Language Club-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSLangClubUn.exe
JumpStart Advanced Preschool-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSAPS.exe
JumpStart Explorers-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSExp.exe
JumpStart Math-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSMath2gUn.exe
Kid Pix Deluxe 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}\setup.exe" -l0x9 -removeonly
L&H TTS3000 Español-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech Harmony Remote Software 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language S
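As an added example that is not part of the thread, of RSIT, or of the helper's procedure: a small parser for the "List of drivers" and "List of services" sections of the log above, using the line shape and legend that the section headers themselves state, plus the two triage views a helper typically applies before writing a fix list: registrations whose binary RSIT could not find on disk, and running entries whose binary lives outside the Windows directory. The sample log is a handful of lines copied from the posted log; the flagging rules are my own heuristics, not RSIT's or the helper's.

```python
"""Triage helper for RSIT (random's system information tool) log.txt sections.

Added example, not code from the thread or from RSIT. The sample log below is
copied from the log posted in the thread; the flagging rules are heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shape, taken from the log's own section header:
#   <state><start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
# state: R=Running, S=Stopped; start: 0=Boot,1=System,2=Auto,3=Demand,4=Disabled
# An empty [] means RSIT could not stat the file the registration points to.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class Entry:
    kind: str                  # "driver" or "service", from the section header
    running: bool
    start: str                 # decoded start type, e.g. "Auto"
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the file was not found on disk
    file_size: Optional[int]

    @property
    def file_missing(self) -> bool:
        return self.file_date is None


def parse_rsit_sections(text: str) -> List[Entry]:
    """Parse the driver and service sections of an RSIT log.txt."""
    entries: List[Entry] = []
    kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======List of drivers"):
            kind = "driver"
            continue
        if line.startswith("======List of services"):
            kind = "service"
            continue
        if line.startswith("======") or line.startswith("-----"):
            kind = None            # any other header (or EOF marker) ends the block
            continue
        if kind is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue               # tolerate stray lines rather than abort triage
        meta = m.group("meta").split()
        date = meta[0] if meta else None
        size = int(meta[1]) if len(meta) > 1 else None
        entries.append(Entry(kind, m.group("state") == "R", START_TYPES[m.group("start")],
                             m.group("name"), m.group("display"), m.group("path"), date, size))
    return entries


def _plain_path(path: str) -> str:
    """Drop the NT '\\??\\' prefix some driver registrations carry."""
    return path[4:] if path.startswith("\\??\\") else path


def missing_binaries(entries: List[Entry]) -> List[Entry]:
    """Registrations whose file is gone: leftovers of an uninstall or a removal
    tool. Inert on their own, but they are what a helper asks to have deleted
    (compare the 'Zumie Search Service' line in the HijackThis fix list)."""
    return [e for e in entries if e.file_missing]


def running_outside_windows(entries: List[Entry]) -> List[Entry]:
    """Running entries whose binary lives outside C:\\WINDOWS: the third-party
    code actually active on the box, reviewed first when triaging a log."""
    return [e for e in entries
            if e.running and not _plain_path(e.path).lower().startswith("c:\\windows")]


# Constructed sample: a few lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Zumie Search Service;Zumie Search Service; C:\Program Files\Zumie\zumie.exe C:\Program Files\Zumie\zumie.dll Service []
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    parsed = parse_rsit_sections(SAMPLE_LOG)
    print("missing binaries:")
    for e in missing_binaries(parsed):
        print(f"  {e.kind:7} {e.start:8} {e.name} -> {e.path}")
    print("running outside C:\\WINDOWS:")
    for e in running_outside_windows(parsed):
        print(f"  {e.kind:7} {e.start:8} {e.name} -> {e.path}")
```

The missing-binary view is the one that matches the fix list in the reply below it: the Zumie service registration points at a file that is no longer there, which is why it shows up as "(file missing)" in HijackThis and is both fixed there and stopped in the OTM script. The "running outside Windows" view is deliberately a list to read, not a verdict; AVG, Canon and Adobe all land in it on this machine.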
-
Hmmm. I saw an AVG dialog popup just now while waiting to see if there was a reply to my last posting. It asked me if I wanted to quarantine something, so I did. The virus name was Adware Generic3.KUK. The path to the file was in C:\System Volume Information\_restore{log string}\... If the name's important, I'll enter it. (I couldn't figure out a way to cut and paste it.)
Just FYI I guess.
Dale
-
Hmmm. I saw an AVG dialog popup just now while waiting to see if there was a reply to my last posting. It asked me if I wanted to quarantine something, so I did. The virus name was Adware Generic3.KUK. The path to the file was in C:\System Volume Information\_restore{log string}\... If the name's important, I'll enter it. (I couldn't figure out a way to cut and paste it.)
That file was in the System Restore folders
Not to worry, we'll clear those System Restore points in our final steps
Can you still do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot your computer
Back in Windows
Access your Add and Remove Programs and remove all the following
Remove what you can,
Java 2 Runtime Environment, SE v1.4.2_06 < this is outdated, don't reboot if prompted yet
My Way Search Assistant
Viewpoint Media Player
Zumie Search 1.0 build 130
Reboot the computer after All/Any of the above were uninstalled
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "JRE 6 Update 14".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, beside PLATFORM:>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.
NOTE: Java will put an extra service, Java Quick Starter to run on startup, which is not needed
Your option, but you can disable it thru windows Control Panel>>Java icon>Advanced>Miscellaneous>
Untick Java Quick Starter and apply it
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe).
- Save it to your desktop.
- Please double-click OTM.exe to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe
iexplore.exe
:Services
Zumie Search Service
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
:Files
C:\Program Files\Zumie
:Commands
[EmptyTemp]
[Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Back in Windows
Navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Could you also run RSIT.exe again, this time only post log.txt that opens
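Added example, not part of the thread and not code from the HijackThis or OTM authors: a small Python triage of HijackThis log lines that flags the same classes of entries the post above asks Dale to tick, that is anything whose target is "(no file)" or "(file missing)", anything listed as "(no name)", and services with "Unknown owner". The sample log is constructed from lines that appear in this thread; the classification rules and the helper functions (parse_entry, triage, tick_list) are this example's own heuristics, not anything HijackThis itself does.

```python
"""Triage a HijackThis (HJT) log: flag orphaned and anonymous URLSearchHooks,
BHOs, toolbars and services, i.e. the kind of entries a helper ticks before
"Fix checked". Pure parsing; nothing on the machine is changed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the two HJT logs in this thread, plus
# two clean entries (Adobe BHO, AVG service) so the filter has something to keep.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O23 - Service: Zumie Search Service - Unknown owner - C:\Program Files\Zumie\zumie.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

SECTION_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 Run values look like: HKLM\..\Run: [Name] "C:\path\prog.exe" args
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
SHORT_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")   # "Display Name (shortname)"
DEAD_MARKERS = ("(no file)", "(file missing)")        # HJT's own orphan markers


@dataclass
class Finding:
    section: str
    name: str            # CLSID, service name or Run value name
    target: str          # file path, or the HJT marker when there is none
    reasons: list[str] = field(default_factory=list)

    @property
    def tick(self) -> bool:
        """Orphaned pointers are the safe, mechanical 'Fix checked' candidates."""
        return "orphaned" in self.reasons


def parse_entry(line: str) -> Finding | None:
    """Turn one HJT line into a Finding; None for lines this parser doesn't model."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    run = RUN_RE.match(body)
    if run:                                           # O4 autostart value
        return Finding(section, run.group("name"), run.group("cmd").strip('"'))
    kind, _, rest = body.partition(": ")              # "BHO", "Service", ...
    parts = [p.strip() for p in rest.split(" - ")]    # label - [owner|CLSID] - target
    if len(parts) < 2:
        return None
    label, target = parts[0], parts[-1]
    reasons: list[str] = []
    if target.endswith(DEAD_MARKERS):
        reasons.append("orphaned")
    if label == "(no name)":
        reasons.append("anonymous")
    if kind == "Service":
        short = SHORT_RE.search(label)
        name = short.group("short") if short else label
        if len(parts) > 2 and parts[1] == "Unknown owner":
            reasons.append("unknown owner")
    else:
        clsid = CLSID_RE.search(body)
        name = clsid.group(0) if clsid else label
    return Finding(section, name, target, reasons)


def triage(log_text: str) -> list[Finding]:
    """Every parsed entry that has at least one reason to look at it."""
    return [f for f in map(parse_entry, log_text.splitlines()) if f and f.reasons]


def tick_list(log_text: str) -> list[str]:
    """The raw log lines a helper would tick: all orphaned entries."""
    return [ln for ln in log_text.splitlines() if (e := parse_entry(ln)) and e.tick]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<42}{', '.join(f.reasons)}")
```

The tick list is the mechanical part: a "(no file)" or "(file missing)" entry is a registry pointer with nothing behind it, so fixing it removes only the pointer. The "anonymous" and "unknown owner" reasons are there because a dead pointer still says a package was installed and only partly removed, which is why the post above also uninstalls My Way Search Assistant and Zumie and moves C:\Program Files\Zumie rather than stopping at the HijackThis fix.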
-
Here you are sir:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver Zumie Search Service deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD\ deleted successfully.
========== FILES ==========
C:\Program Files\Zumie moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dylan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Kate
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 6424 bytes
->FireFox cache emptied: 90623937 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 1700490 bytes
User: Michael
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 77879247 bytes
User: Nanette
->Temp folder emptied: 14745607 bytes
->Temporary Internet Files folder emptied: 10982618 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 71549560 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 8225809 bytes
Windows Temp folder emptied: 738 bytes
RecycleBin emptied: 8118828 bytes
Total Files Cleaned = 283.54 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07222009_190819
Files moved on Reboot...
Registry entries deleted on Reboot...
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nanette at 2009-07-22 19:15:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 32 GB (44%) free of 73 GB
Total RAM: 510 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:41 PM, on 7/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nanette\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nanette.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6320 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-18 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe [2005-11-15 179784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-05 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboo]
C:\WINDOWS\Temp\RECOVE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Media Server.lnk]
C:\PROGRA~1\NETGEAR\MEDIAS~1\MEDIAS~1.EXE -systray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2006-05-04 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Resume Picaboo Installation.lnk]
C:\PROGRA~1\Picaboo\PICABO~1\PICABO~1.EXE [2006-07-13 316992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"CCALib8"=2
"WMPNetworkSvc"=3
"NetSvc"=3
"DSBrokerService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe
Logitech Harmony Remote Software 7.lnk - C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\NETGEAR\Media Server\MediaServer.exe"="C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Disabled:Digital 5 Streaming Media Application"
"C:\Program Files\Mode11\CallDir.exe"="C:\Program Files\Mode11\CallDir.exe:*:Disabled:CallDir"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-07-22 19:08:19 ----D---- C:\_OTM
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\java.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-19 20:27:16 ----D---- C:\rsit
2009-07-19 19:26:58 ----D---- C:\Documents and Settings\Nanette\Application Data\Malwarebytes
2009-07-19 19:26:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 16:19:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-18 16:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-18 16:17:19 ----D---- C:\Program Files\NOS
2009-07-18 13:22:01 ----HD---- C:\$AVG8.VAULT$
2009-07-18 13:00:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-18 12:59:58 ----D---- C:\Program Files\SpywareBlaster
2009-07-18 12:53:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-18 12:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-18 12:52:29 ----D---- C:\Program Files\AVG
2009-07-18 12:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-17 10:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-17 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 10:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-17 10:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 09:53:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-17 09:53:01 ----D---- C:\Program Files\MSBuild
2009-07-17 09:52:50 ----D---- C:\Program Files\Reference Assemblies
2009-07-17 09:52:08 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-17 09:52:06 ----D---- C:\4f2cacaadf4e32756a1446f8aae74558
2009-07-17 09:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 09:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 09:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 09:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 09:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 09:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 09:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 09:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 09:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 09:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 09:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 09:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 09:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 09:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 09:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 09:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-17 09:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 09:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 09:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 09:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 09:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 09:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 09:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 09:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 09:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-17 09:27:35 ----D---- C:\WINDOWS\Prefetch
2009-07-17 09:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-17 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 09:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 09:20:47 ----D---- C:\WINDOWS\system32\scripting
2009-07-17 09:20:46 ----D---- C:\WINDOWS\system32\en
2009-07-17 09:20:46 ----D---- C:\WINDOWS\l2schemas
2009-07-17 09:20:45 ----D---- C:\WINDOWS\system32\bits
2009-07-17 09:18:35 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-17 09:12:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-17 09:12:01 ----D---- C:\WINDOWS\EHome
2009-07-17 09:07:54 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-17 09:07:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-17 09:07:50 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-17 09:07:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-17 09:07:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-17 09:07:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\slrundll.exe
2009-07-17 09:07:29 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-17 09:07:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-17 09:07:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-17 09:07:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-17 09:07:18 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-17 09:07:07 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-17 09:06:49 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-17 09:06:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-17 09:06:20 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-17 09:06:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-17 09:06:08 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-17 09:06:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-17 09:06:02 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-17 09:05:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-17 08:25:04 ----D---- C:\Program Files\CCleaner
2009-07-17 08:17:25 ----N---- C:\WINDOWS\system32\xpsp4res.dll
======List of files/folders modified in the last 1 months======
2009-07-22 19:12:55 ----D---- C:\Program Files\Mozilla Firefox
2009-07-22 19:11:12 ----D---- C:\WINDOWS\Temp
2009-07-22 19:11:05 ----D---- C:\WINDOWS
2009-07-22 19:09:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-22 19:08:54 ----D---- C:\WINDOWS\SYSTEM32
2009-07-22 19:08:28 ----RD---- C:\Program Files
2009-07-22 19:03:45 ----SHD---- C:\WINDOWS\Installer
2009-07-22 19:03:22 ----D---- C:\Program Files\Java
2009-07-22 18:35:02 ----D---- C:\Program Files\Common Files
2009-07-19 19:53:06 ----D---- C:\WINDOWS\system32\DRIVERS
2009-07-19 19:12:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 16:22:19 ----D---- C:\Program Files\Adobe
2009-07-18 16:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-18 16:21:26 ----D---- C:\Program Files\Common Files\Adobe
2009-07-18 16:19:22 ----D---- C:\Documents and Settings\Nanette\Application Data\Adobe
2009-07-18 16:17:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 16:09:58 ----D---- C:\Program Files\BroadJump
2009-07-18 12:52:15 ----D---- C:\WINDOWS\WinSxS
2009-07-18 12:52:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-18 12:51:28 ----SD---- C:\Documents and Settings\Nanette\Application Data\Microsoft
2009-07-17 10:48:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 10:48:18 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-07-17 10:20:31 ----D---- C:\Program Files\Trend Micro
2009-07-17 10:18:51 ----D---- C:\WINDOWS\Debug
2009-07-17 10:15:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 10:15:19 ----HD---- C:\WINDOWS\INF
2009-07-17 10:14:45 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-07-17 10:10:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 10:05:30 ----D---- C:\WINDOWS\system32\WBEM
2009-07-17 10:05:30 ----D---- C:\WINDOWS\AppPatch
2009-07-17 10:05:30 ----D---- C:\Program Files\Internet Explorer
2009-07-17 10:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-17 09:52:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 09:52:56 ----RSD---- C:\WINDOWS\Fonts
2009-07-17 09:52:26 ----D---- C:\WINDOWS\system32\SPOOL
2009-07-17 09:45:26 ----D---- C:\WINDOWS\ie7updates
2009-07-17 09:41:31 ----D---- C:\Program Files\Messenger
2009-07-17 09:27:06 ----D---- C:\WINDOWS\system32\Setup
2009-07-17 09:24:56 ----D---- C:\WINDOWS\SECURITY
2009-07-17 09:21:05 ----D---- C:\WINDOWS\network diagnostic
2009-07-17 09:21:05 ----D---- C:\WINDOWS\IME
2009-07-17 09:21:05 ----D---- C:\WINDOWS\Help
2009-07-17 09:20:48 ----D---- C:\WINDOWS\system32\USMT
2009-07-17 09:20:45 ----D---- C:\WINDOWS\PeerNet
2009-07-17 09:20:45 ----D---- C:\Program Files\Movie Maker
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\NPP
2009-07-17 09:18:29 ----D---- C:\WINDOWS\MSAGENT
2009-07-17 09:18:27 ----D---- C:\WINDOWS\SRCHASST
2009-07-17 09:18:26 ----D---- C:\Program Files\NetMeeting
2009-07-17 09:18:24 ----D---- C:\WINDOWS\system32\Com
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows NT
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows Media Player
2009-07-17 09:18:21 ----D---- C:\Program Files\Outlook Express
2009-07-17 09:18:19 ----D---- C:\Program Files\Common Files\System
2009-07-17 09:18:04 ----D---- C:\WINDOWS\system32\OOBE
2009-07-17 09:18:01 ----D---- C:\WINDOWS\SYSTEM
2009-07-17 09:15:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-17 08:46:25 ----D---- C:\WINDOWS\Internet Logs
2009-07-17 08:46:24 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-17 08:43:32 ----D---- C:\Program Files\Yahoo!
2009-07-16 07:57:02 ----D---- C:\Program Files\GE Security Supra
2009-07-15 10:51:42 ----D---- C:\Program Files\ZipForm Desktop
2009-07-12 22:30:57 ----D---- C:\Documents and Settings\Nanette\Application Data\ZoomBrowser EX
2009-07-12 22:29:51 ----D---- C:\Documents and Settings\Nanette\Application Data\CameraWindowDC
2009-07-08 15:37:57 ----A---- C:\WINDOWS\WIN.INI
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-18 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-05 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-18 8413]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 slabbus;DisplayKEY USB Cradle driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-09-07 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-09-07 89808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DkeySync;DkeySync; c:\program files\ge security supra\syncservice.exe [2006-09-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-09 138680]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
-
That's looking better, how's everything running on your end?
[quote]I did uninstall her copy of Zone Alarm as it seemed to not be working all that well, so she may have no antivirus at all now, but that's fixable.[/quote]
Do you know what version of Zone Alarm she had installed?
I see leftover entries we should remove
-
[quote name='guestolo' post='464296' date='Jul 23 2009, 07:30 PM']That's looking better, how's everything running on your end?
Do you know what version of Zone Alarm she had installed?
I see leftover entries we should remove[/quote]
I do not know what version it was.
I guess the system's fine. To be honest I haven't been running it that much. I kind of peek to see if you've replied on other computers and if so, I come in and turn this one on and follow your instructions.
I'll "surf" some now and see how it goes. :-)
Let me know what to do next please.
-
Just going for Dinner, why not surf a bit, let me know how it's running
If you haven't installed any other Firewall software since removing Zone Alarm, can you ensure the Windows Firewall is enabled
Go into Windows Control Panel and take a look please
I'll check back in a couple hours, let me know if you have experienced any problems, if not, we'll do some final cleanup and try and remove the leftovers of ZA
-
Okay. Enjoy. I'll double check the Windows Firewall while you're gone but I'm 99.9% sure it's on.
Thanks,
Dale
-
Things seem fine. I'm going to take a break. I'll check back before I go to bed. She's definitely ready to have her system back.
-
I'm shutting things down for the night. What's up with that post from daydayup?
I'll check back tomorrow.
Take care,
Dale
-
I just deleted the post from daydayup
Just a spammer
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name,
and click Create
Windows will prompt when it was created successfully
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
OTM.exe
- Please double-click OTM.exe to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines inside the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe
:Services
vsdatant
:Reg
[-HKEY_CLASSES_ROOT\ZAMailSafe]
[-HKEY_CURRENT_USER\Software\Zone Labs]
[-HKEY_LOCAL_MACHINE\Software\Zone Labs]
[-HKEY_USERS\.DEFAULT\Software\Zone Labs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
:Files
C:\rsit
C:\WINDOWS\Internet Logs
C:\WINDOWS\system32\ZoneLabs
C:\Program Files\Zone Labs
:Commands
[Reboot]
- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Back in Windows
Navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
That should do it, just one last step if everything is ok to clean the tools we used
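To make the leftover hunt described in this post repeatable, here is a small Python script, added for this edit and not part of the thread, of RSIT or of OTM. It parses the driver/service lines and the firewall authorized-applications dump from an RSIT log, flags registrations whose binary RSIT could not find (the empty [] bracket, as on the vsdatant line in the earlier log), and lists firewall exceptions whose program sits inside a folder the OTM script above is about to delete. The sample log is a constructed excerpt of lines copied from the logs posted in this thread; treating an empty bracket as "file not present on disk" is an assumption drawn from those entries.

```python
import re

# Constructed sample: a handful of lines copied from the RSIT logs posted in this
# thread, so the script runs offline. A real run would read the whole log file.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-18 108552]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
======Registry dump======
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
-----------------EOF-----------------
"""

# One driver/service row: "<R|S><start> name;display; path [date size]"
ENTRY_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<display>[^;]*); '
    r'(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$'
)
# One firewall exception row: "path"="path:*:Enabled:description"
FW_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):\*:(?P<state>[Ee]nabled|[Dd]isabled):(?P<desc>.*)"$'
)

# Folders the OTM :Files section in this thread deletes (copied from the post).
REMOVED_DIRS = [r"C:\WINDOWS\system32\ZoneLabs", r"C:\Program Files\Zone Labs"]


def parse_rsit(text):
    """Return (entries, firewall): driver/service rows tagged with their section,
    and the firewall authorized-applications rows, from an RSIT log."""
    entries, firewall = [], []
    section = None
    for line in text.splitlines():
        if line.startswith("======List of drivers"):
            section = "driver"
            continue
        if line.startswith("======List of services"):
            section = "service"
            continue
        if line.startswith("======"):
            section = None
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            row = m.groupdict()
            row["kind"] = section
            entries.append(row)
            continue
        m = FW_RE.match(line)
        if m:
            firewall.append(m.groupdict())
    return entries, firewall


def orphaned_entries(entries):
    """Rows whose [date size] bracket is empty. Assumption: RSIT leaves it empty
    when it cannot read the binary, i.e. the registration outlived the file,
    which is the classic uninstaller leftover."""
    return [e for e in entries if e["stamp"] == ""]


def exceptions_under(firewall, removed_dirs):
    """Firewall exceptions whose program path lies inside a directory that is
    about to be removed; they would keep a hole open for a program that no
    longer exists and should go in the same cleanup."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in removed_dirs]
    return [f for f in firewall
            if any(f["path"].lower().startswith(p) for p in prefixes)]


def report(text=SAMPLE_LOG, removed_dirs=REMOVED_DIRS):
    """Summarise what a helper would act on: orphaned registrations and
    firewall exceptions that point into folders scheduled for deletion."""
    entries, firewall = parse_rsit(text)
    return {
        "orphan_names": [e["name"] for e in orphaned_entries(entries)],
        "stale_exception_paths": [f["path"] for f in exceptions_under(firewall, removed_dirs)],
    }


if __name__ == "__main__":
    result = report()
    print("registrations with no binary on disk:", ", ".join(result["orphan_names"]))
    print("firewall exceptions inside folders to be removed:")
    for path in result["stale_exception_paths"]:
        print("  ", path)
```

Run it against a full RSIT log with `report(open("log.txt").read())`. A stopped driver whose file is gone is harmless at boot, since the load simply fails, but it is exactly the kind of entry the :Services and :Reg sections of the OTM script above clear out; a driver that is present and running but whose vendor you cannot place is a different question and worth a separate look before anything is removed.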
-
Hi Guestolo,
I got on this morning and thought I'd do what you said. I got as far as the OTM stuff and it seems to be hanging.
In the Results dialog I saw
============== PROCESSES =================
Process explorer.exe killed successfully!
============== SERVICES/DRIVERS ==========
Service\Driver vsdatant deleted successfully
============== REGISTRY =================
After that the CPU has stayed at or near 100%
I'm going to let it run and head for work.
I don't think I goofed up but if it's still locked up when I get home, shall I reboot and try the OTM stuff again?
Dale
-
Yes, try and reboot and try one more time
-
No luck so far. I'll try downloading a fresh copy of OTM and try one more time.
-
Doesn't look like OTM is going to work Guestolo. The only difference between the runs of OTM was after the first try it says Service\Driver vsdatant not found under SERVICES/DRIVERS, instead of deleted, which makes sense since they were deleted the first time.
After the Results window displays ==== REGISTRY ======= the application uses a lot of CPU but that seems to be about it.
What now sir?
-
Actually, can I see a fresh scan with RSIT.exe and post its new log please
-
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nanette at 2009-07-24 21:32:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (53%) free of 73 GB
Total RAM: 510 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:55 PM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nanette\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nanette.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6247 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-06-30 1388544]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-18 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2004-09-14 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe [2005-11-15 179784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-01-05 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecoverFromReboo]
C:\WINDOWS\Temp\RECOVE~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2004-09-01 156784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR Media Server.lnk]
C:\PROGRA~1\NETGEAR\MEDIAS~1\MEDIAS~1.EXE -systray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Picaboo.lnk]
C:\PROGRA~1\Picaboo\Picaboo\PICABO~2.EXE [2006-05-04 147456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nanette^Start Menu^Programs^Startup^Resume Picaboo Installation.lnk]
C:\PROGRA~1\Picaboo\PICABO~1\PICABO~1.EXE [2006-07-13 316992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"CCALib8"=2
"WMPNetworkSvc"=3
"NetSvc"=3
"DSBrokerService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe
Logitech Harmony Remote Software 7.lnk - C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1134867187\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\NETGEAR\Media Server\MediaServer.exe"="C:\Program Files\NETGEAR\Media Server\MediaServer.exe:*:Disabled:Digital 5 Streaming Media Application"
"C:\Program Files\Mode11\CallDir.exe"="C:\Program Files\Mode11\CallDir.exe:*:Disabled:CallDir"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-07-22 19:08:19 ----D---- C:\_OTM
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\java.exe
2009-07-22 19:04:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-19 20:27:16 ----D---- C:\rsit
2009-07-19 19:26:58 ----D---- C:\Documents and Settings\Nanette\Application Data\Malwarebytes
2009-07-19 19:26:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 19:26:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 16:19:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-18 16:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-18 16:17:19 ----D---- C:\Program Files\NOS
2009-07-18 13:22:01 ----HD---- C:\$AVG8.VAULT$
2009-07-18 13:00:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-18 12:59:58 ----D---- C:\Program Files\SpywareBlaster
2009-07-18 12:53:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-18 12:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-18 12:52:29 ----D---- C:\Program Files\AVG
2009-07-18 12:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-17 10:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-17 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 10:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-17 10:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 09:53:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-17 09:53:01 ----D---- C:\Program Files\MSBuild
2009-07-17 09:52:50 ----D---- C:\Program Files\Reference Assemblies
2009-07-17 09:52:08 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-17 09:52:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-17 09:52:06 ----D---- C:\4f2cacaadf4e32756a1446f8aae74558
2009-07-17 09:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 09:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 09:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 09:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 09:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 09:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 09:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 09:43:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 09:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 09:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 09:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 09:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 09:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 09:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 09:42:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 09:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-17 09:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 09:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 09:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 09:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 09:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 09:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 09:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 09:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 09:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-17 09:27:35 ----D---- C:\WINDOWS\Prefetch
2009-07-17 09:25:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-17 09:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 09:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 09:20:47 ----D---- C:\WINDOWS\system32\scripting
2009-07-17 09:20:46 ----D---- C:\WINDOWS\system32\en
2009-07-17 09:20:46 ----D---- C:\WINDOWS\l2schemas
2009-07-17 09:20:45 ----D---- C:\WINDOWS\system32\bits
2009-07-17 09:18:35 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-17 09:12:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-17 09:12:01 ----D---- C:\WINDOWS\EHome
2009-07-17 09:07:54 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-17 09:07:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-17 09:07:50 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-17 09:07:49 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-17 09:07:42 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-17 09:07:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-17 09:07:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-17 09:07:34 ----N---- C:\WINDOWS\slrundll.exe
2009-07-17 09:07:29 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-17 09:07:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-17 09:07:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-17 09:07:24 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-17 09:07:22 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-17 09:07:21 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-17 09:07:18 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-17 09:07:08 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-17 09:07:07 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-17 09:07:06 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-17 09:06:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-17 09:06:49 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-17 09:06:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-17 09:06:35 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-17 09:06:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-17 09:06:20 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-17 09:06:16 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-17 09:06:13 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-17 09:06:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-17 09:06:08 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-17 09:06:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-17 09:06:02 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-17 09:06:00 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-17 09:05:59 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-17 09:05:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-17 08:25:04 ----D---- C:\Program Files\CCleaner
2009-07-17 08:17:25 ----N---- C:\WINDOWS\system32\xpsp4res.dll
======List of files/folders modified in the last 1 months======
2009-07-24 21:31:13 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 21:30:45 ----D---- C:\WINDOWS
2009-07-24 21:30:37 ----D---- C:\WINDOWS\Temp
2009-07-24 18:49:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-22 19:08:54 ----D---- C:\WINDOWS\SYSTEM32
2009-07-22 19:08:28 ----RD---- C:\Program Files
2009-07-22 19:03:45 ----SHD---- C:\WINDOWS\Installer
2009-07-22 19:03:22 ----D---- C:\Program Files\Java
2009-07-22 18:35:02 ----D---- C:\Program Files\Common Files
2009-07-19 19:53:06 ----D---- C:\WINDOWS\system32\DRIVERS
2009-07-19 19:12:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-18 16:22:19 ----D---- C:\Program Files\Adobe
2009-07-18 16:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-18 16:21:26 ----D---- C:\Program Files\Common Files\Adobe
2009-07-18 16:19:22 ----D---- C:\Documents and Settings\Nanette\Application Data\Adobe
2009-07-18 16:17:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 16:09:58 ----D---- C:\Program Files\BroadJump
2009-07-18 12:52:15 ----D---- C:\WINDOWS\WinSxS
2009-07-18 12:52:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-18 12:51:28 ----SD---- C:\Documents and Settings\Nanette\Application Data\Microsoft
2009-07-17 10:48:20 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 10:48:18 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-07-17 10:20:31 ----D---- C:\Program Files\Trend Micro
2009-07-17 10:18:51 ----D---- C:\WINDOWS\Debug
2009-07-17 10:15:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 10:15:19 ----HD---- C:\WINDOWS\INF
2009-07-17 10:14:45 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-07-17 10:10:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 10:05:30 ----D---- C:\WINDOWS\system32\WBEM
2009-07-17 10:05:30 ----D---- C:\WINDOWS\AppPatch
2009-07-17 10:05:30 ----D---- C:\Program Files\Internet Explorer
2009-07-17 10:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-17 09:52:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 09:52:56 ----RSD---- C:\WINDOWS\Fonts
2009-07-17 09:52:26 ----D---- C:\WINDOWS\system32\SPOOL
2009-07-17 09:45:26 ----D---- C:\WINDOWS\ie7updates
2009-07-17 09:41:31 ----D---- C:\Program Files\Messenger
2009-07-17 09:27:06 ----D---- C:\WINDOWS\system32\Setup
2009-07-17 09:24:56 ----D---- C:\WINDOWS\SECURITY
2009-07-17 09:21:05 ----D---- C:\WINDOWS\network diagnostic
2009-07-17 09:21:05 ----D---- C:\WINDOWS\IME
2009-07-17 09:21:05 ----D---- C:\WINDOWS\Help
2009-07-17 09:20:48 ----D---- C:\WINDOWS\system32\USMT
2009-07-17 09:20:45 ----D---- C:\WINDOWS\PeerNet
2009-07-17 09:20:45 ----D---- C:\Program Files\Movie Maker
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 09:18:30 ----D---- C:\WINDOWS\system32\NPP
2009-07-17 09:18:29 ----D---- C:\WINDOWS\MSAGENT
2009-07-17 09:18:27 ----D---- C:\WINDOWS\SRCHASST
2009-07-17 09:18:26 ----D---- C:\Program Files\NetMeeting
2009-07-17 09:18:24 ----D---- C:\WINDOWS\system32\Com
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows NT
2009-07-17 09:18:22 ----D---- C:\Program Files\Windows Media Player
2009-07-17 09:18:21 ----D---- C:\Program Files\Outlook Express
2009-07-17 09:18:19 ----D---- C:\Program Files\Common Files\System
2009-07-17 09:18:04 ----D---- C:\WINDOWS\system32\OOBE
2009-07-17 09:18:01 ----D---- C:\WINDOWS\SYSTEM
2009-07-17 09:15:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-17 08:46:25 ----D---- C:\WINDOWS\Internet Logs
2009-07-17 08:46:24 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-07-17 08:43:32 ----D---- C:\Program Files\Yahoo!
2009-07-16 07:57:02 ----D---- C:\Program Files\GE Security Supra
2009-07-15 10:51:42 ----D---- C:\Program Files\ZipForm Desktop
2009-07-12 22:30:57 ----D---- C:\Documents and Settings\Nanette\Application Data\ZoomBrowser EX
2009-07-12 22:29:51 ----D---- C:\Documents and Settings\Nanette\Application Data\CameraWindowDC
2009-07-08 15:37:57 ----A---- C:\WINDOWS\WIN.INI
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-18 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-01-05 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-18 8413]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-07-14 14448]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-08-13 258368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 slabbus;DisplayKEY USB Cradle driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-09-07 55312]
S3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-09-07 89808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-18 298776]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DkeySync;DkeySync; c:\program files\ge security supra\syncservice.exe [2006-09-07 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-09 138680]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
-
That service appears to have been deleted. What happens when you manually navigate to the following folders and try to delete them, if found?
C:\rsit
C:\WINDOWS\Internet Logs
C:\WINDOWS\system32\ZoneLabs
C:\Program Files\Zone Labs
-
I was able to delete the first three no problem. The fourth doesn't seem to exist.
-
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Make sure to copy from REGEDIT4 down in the code box.
REGEDIT4
[-HKEY_CLASSES_ROOT\ZAMailSafe]
[-HKEY_CURRENT_USER\Software\Zone Labs]
[-HKEY_LOCAL_MACHINE\Software\Zone Labs]
[-HKEY_USERS\.DEFAULT\Software\Zone Labs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
Double-click fix.reg and allow it to add/merge to the registry at the prompt.
Download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) and save it to the desktop. This tool will remove most of the tools we used to clean your PC.
* Double-click OTC.exe.
* Click the CleanUp! button.
* Select Yes when the "Begin cleanup Process?" prompt appears.
* If you are prompted to reboot during the cleanup, select Yes. If not, reboot manually.
* The tool will delete itself once it finishes; if not, delete it yourself.
Back in Windows manually delete fix.reg
That should do it
Everything running normally?
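The fix.reg above deletes one stale entry from the firewall's AuthorizedApplications list (the vsmon.exe exception that survived the Zone Alarm uninstall, visible in the RSIT export earlier in the thread). As an added example, not from the thread, RSIT or HijackThis, this Python script parses exported entries in that `"path"="path:scope:state:name"` format, flags exceptions whose executable is gone, and emits the REGEDIT4 lines that remove them; the sample export, the set of "still present" paths and the `%windir%` mapping are constructed.

```python
r"""Audit Windows XP firewall exceptions from an RSIT export and build a fix.reg.
Values under ...\FirewallPolicy\<profile>\AuthorizedApplications\List look like
"<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"; an exception whose
executable is gone (vsmon.exe after Zone Alarm was removed) is a stale hole."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.+?)"="(.+)"$')
# Constructed sample: a subset of the RSIT export quoted in the thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Mode11\CallDir.exe"="C:\Program Files\Mode11\CallDir.exe:*:Disabled:CallDir"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''
# Constructed: executables assumed to still be on disk (vsmon.exe is not).
SAMPLE_PRESENT = {
    r"c:\program files\mode11\calldir.exe",
    r"c:\program files\itunes\itunes.exe",
    r"c:\windows\network diagnostic\xpnetdiag.exe",
    r"c:\windows\system32\sessmgr.exe",
}
SAMPLE_ENV = {"windir": r"C:\WINDOWS"}  # constructed environment


@dataclass
class FirewallException:
    key: str       # registry key (profile) the entry lives under
    path: str      # value name exactly as exported, may contain %windir%
    scope: str     # '*' means any remote address
    enabled: bool
    name: str      # display name or @resource.dll,-id reference


def parse_authorized_applications(text: str) -> List[FirewallException]:
    """Parse '[key]' headers and '"path"="data"' lines of an RSIT export."""
    entries: List[FirewallException] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or "authorizedapplications" not in key.lower():
            continue
        path, data = m.groups()
        # Data repeats the path before ':scope:state:name'; strip that prefix
        # first so the drive-letter colon is not taken for a field separator.
        if not data.lower().startswith(path.lower() + ":"):
            continue
        fields = data[len(path) + 1:].split(":", 2)
        if len(fields) != 3:
            continue
        scope, state, name = fields
        entries.append(FirewallException(key, path, scope, state.lower() == "enabled", name))
    return entries


def expand(path: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references the way the firewall service would."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def find_stale(entries: List[FirewallException], exists: Callable[[str], bool],
               env: Dict[str, str]) -> List[FirewallException]:
    """Exceptions whose target executable is no longer present on disk."""
    return [e for e in entries if not exists(expand(e.path, env))]


def reg_quote(s: str) -> str:
    # regedit escapes backslashes and quotes inside quoted names and data.
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_fix_reg(stale: List[FirewallException]) -> str:
    """REGEDIT4 text that deletes each stale value ("name"=- removes a value)."""
    lines = ["REGEDIT4", ""]
    by_key: Dict[str, List[FirewallException]] = {}
    for e in stale:
        by_key.setdefault(e.key, []).append(e)
    for key, items in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f"{reg_quote(e.path)}=-" for e in items)
        lines.append("")
    return "\r\n".join(lines)


def sample_exists(path: str) -> bool:
    return path.lower() in SAMPLE_PRESENT


if __name__ == "__main__":  # on a live box pass os.path.exists and os.environ
    stale = find_stale(parse_authorized_applications(SAMPLE_EXPORT), sample_exists, SAMPLE_ENV)
    print(build_fix_reg(stale))
```

Run against a real export with `os.path.exists` and a lower-cased `os.environ` to audit every profile at once rather than one value by hand.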
-
Things seem normal to me. Thanks! I'm calling it a night.
Need to see another HijackThis log?
Just in case I pasted one in below.
Thank you very much for all your help on this,
Dale
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:01 AM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.Email Removed/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?DCIEDCJBIDCDHJCAEEJDJADIEJEFIFDEEEIBJ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 6199 bytes
-
Looks good
:)
-
Cool!
Thanks again for all your help on this.
Till next time,
Dale
-
Take care, Dale. I'll lock this topic as the problems are resolved.
Till next time
:D