Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old June 5th, 2009, 05:00 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
When I go to a site, often a different site pops up with similar info.

I'm using IE7. I typically use Google to search for sites. When I select a site I get directed there but often a couple of seconds later, another site will popup with similar info. URLs are always different. THe last one I got was shopwhiz.com.

I tried to restore my system to various restore points and they all errored out.

Help please.
~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:36 AM, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13567 bytes

Last edited by ibmjas; June 5th, 2009 at 07:52 PM. Reason: Adding HJT log
Reply With Quote
  #2  
Old June 7th, 2009, 12:42 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, ibmjas
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Reply With Quote
  #3  
Old June 8th, 2009, 03:19 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
Thanks for helping me Tom.

LOG.TXT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie at 2009-06-08 08:54:22
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 202 GB (69%) free of 293 GB
Total RAM: 3573 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:42 AM, on 6/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Julie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13570 bytes
Reply With Quote
  #4  
Old June 8th, 2009, 03:23 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [2009-03-12 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
IEHlprObj Class - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL [2008-03-05 78848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}]
Gamevance Text - C:\Program Files\Gamevance\gvtl.dll [2009-05-22 233984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
""= []
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-11 101136]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-02 198160]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"=C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [2007-01-11 101136]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-10 30192]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2008-10-03 1742064]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
"Adobe Reader Speed Launcher"=c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
"Gamevance"=C:\Program Files\Gamevance\gamevance32.exe [2009-05-22 104960]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2008-12-10 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Event Reminder.lnk - C:\Program Files\The Print Shop 23\Remind.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62 ~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-12-10 10536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-06 200704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\Persona\Persona.exe"="C:\Program Files\Persona\Persona.exe:*:Enabled:Persona"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c2866025-e2c3-11dd-8d6e-001fe2dc94f4}]
shell\AutoRun\command - F:\InstallTomTomHOME.exe

======List of files/folders created in the last 1 months======
2009-06-08 08:54:22 ----D---- C:\rsit
2009-06-05 11:48:41 ----D---- C:\Program Files\Trend Micro
2009-06-05 11:13:50 ----D---- C:\Windows\system32\WindowsPowerShell
2009-06-05 11:12:09 ----D---- C:\Program Files\Microsoft ATS
2009-06-03 17:13:02 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-03 17:12:47 ----D---- C:\Program Files\iPod
2009-06-03 17:12:46 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 17:12:46 ----D---- C:\Program Files\iTunes
2009-06-03 17:10:33 ----D---- C:\Program Files\QuickTime
2009-06-03 17:05:15 ----D---- C:\Program Files\Safari
2009-06-03 17:04:49 ----D---- C:\Program Files\Bonjour
2009-06-03 17:04:46 ----SHD---- C:\Config.Msi
2009-06-01 22:12:56 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-06-01 22:12:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-06-01 22:12:51 ----A---- C:\Windows\system32\xinput1_3.dll
2009-06-01 22:12:51 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-06-01 22:12:49 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-06-01 22:12:48 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-06-01 22:12:48 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-06-01 22:12:47 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-06-01 22:12:47 ----A---- C:\Windows\system32\d3dx10.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-06-01 22:12:45 ----A---- C:\Windows\system32\xinput1_2.dll
2009-06-01 22:12:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-06-01 22:12:44 ----A---- C:\Windows\system32\xinput1_1.dll
2009-06-01 22:12:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-06-01 22:12:43 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-06-01 22:12:34 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-06-01 22:12:34 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-06-01 22:12:33 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-06-01 22:12:33 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-06-01 22:12:32 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-06-01 22:12:32 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-05-22 16:45:22 ----D---- C:\Program Files\Mozilla Firefox
2009-05-22 16:45:22 ----D---- C:\Program Files\AskBarDis
2009-05-22 16:45:14 ----D---- C:\Program Files\Gamevance
======List of files/folders modified in the last 1 months======
2009-06-08 08:54:37 ----D---- C:\Windows\Prefetch
2009-06-08 08:54:24 ----D---- C:\Windows\Temp
2009-06-08 08:41:42 ----D---- C:\Windows\Tasks
2009-06-08 01:02:26 ----SHD---- C:\System Volume Information
2009-06-07 23:26:12 ----D---- C:\ProgramData\Google Updater
2009-06-06 22:41:11 ----D---- C:\Windows\rescache
2009-06-06 22:39:23 ----RD---- C:\Program Files
2009-06-06 22:25:33 ----D---- C:\Windows\system32\Tasks
2009-06-06 22:23:11 ----A---- C:\Windows\ntbtlog.txt
2009-06-06 22:22:46 ----D---- C:\Windows\Minidump
2009-06-06 22:22:17 ----D---- C:\Windows
2009-06-05 12:00:12 ----RSD---- C:\Windows\assembly
2009-06-05 12:00:12 ----D---- C:\Windows\Microsoft.NET
2009-06-05 11:17:38 ----D---- C:\Windows\AppPatch
2009-06-05 11:13:52 ----D---- C:\Windows\winsxs
2009-06-05 11:13:50 ----D---- C:\Windows\System32
2009-06-05 11:13:38 ----D---- C:\Windows\system32\catroot
2009-06-05 11:13:37 ----D---- C:\Windows\system32\catroot2
2009-06-05 11:12:12 ----SD---- C:\Windows\Downloaded Program Files
2009-06-03 17:13:33 ----SHD---- C:\Windows\Installer
2009-06-03 17:13:03 ----D---- C:\Windows\system32\drivers
2009-06-03 17:13:02 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-03 17:12:47 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 17:12:46 ----HD---- C:\ProgramData
2009-06-03 17:08:54 ----D---- C:\Windows\inf
2009-06-02 08:13:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-02 00:56:33 ----D---- C:\Windows\system32\wbem
2009-06-02 00:56:01 ----D---- C:\Windows\system32\CodeIntegrity
2009-06-02 00:56:00 ----D---- C:\Windows\system32\spool
2009-06-02 00:56:00 ----D---- C:\Windows\registration
2009-05-22 16:45:22 ----D---- C:\Users\Julie\AppData\Roaming\Mozilla
2009-05-14 03:02:14 ----D---- C:\ProgramData\Microsoft Help
2009-05-14 03:00:38 ----D---- C:\Program Files\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx 86.sys [2009-03-12 258608]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx8 6.sys [2009-04-24 482352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-04-24 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090528. 001\IDSvix86.sys [2009-01-29 292912]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\Windows\system32\drivers\NIS\1005000.087\SR TSPX.SYS [2009-03-12 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-03-12 25136]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI .SYS [2009-03-12 217392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-23 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-23 8704]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-12-10 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-12-10 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-24 101936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-23 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-23 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-11 32528]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 7.021\NAVENG.SYS [2009-06-03 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 7.021\NAVEX15.SYS [2009-06-03 876144]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-12-10 50688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP. SYS [2009-03-12 307760]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-24 124464]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW. SYS [2009-03-12 89776]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDI SV.SYS [2009-03-12 39984]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-23 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-20 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-20 40448]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-12-10 220160]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-20 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SY MDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SY MREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 usbser;SkyCaddie USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-20 28160]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
Reply With Quote
  #5  
Old June 8th, 2009, 03:28 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-12-10 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2008-07-28 44032]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 78104]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-01-07 78104]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-23 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-27 34312]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-07-04 164600]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-10 30192]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-12-10 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
-----------------EOF-----------------
Reply With Quote
  #6  
Old June 8th, 2009, 03:33 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
info.txt logfile of random's system information tool 1.06 2009-06-08 08:54:44
======Uninstall list======
-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Dell Games\Jewel Quest Mysteries\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dell Game Console\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dream Chronicles\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\FATE\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Bejeweled 2 Deluxe (remove only)-->"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x0009
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C0 6&SUBSYS_14F1000F\UIU32m.exe -U -Idel000fz.INF
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell Best of Web-->MsiExec.exe /I{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DELL0604-->MsiExec.exe /I{3D8F9830-D6A3-413A-9A54-993827A73E47}
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Family Tree Maker Version 16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B59AB31-EBD0-45E4-A725-7112904DA605}\setup.exe" -l0x9
Fishdom (remove only)-->"C:\Program Files\iWin.com\Fishdom\Uninstall.exe"
FTMVistaUpdater-->MsiExec.exe /I{EE295D30-A10C-44F6-B14C-05E0D99429E4}
Gamevance-->C:\Program Files\Gamevance\gvun.exe
GenSmarts-->"C:\Program Files\GenSmarts\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D2 55554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hybrid Downloader 1,0,2,6-->C:\Program Files\Persona\uninst.exe
ImageMixer for Sony-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Inca Quest (remove only)-->"C:\Program Files\iWin.com Games\Inca Quest\Uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest (remove only)-->"C:\Program Files\iWin.com Games\Jewel Quest\Uninstall.exe"
Jewel Quest II (remove only)-->"C:\Program Files\iWin.com\Jewel Quest II\Uninstall.exe"
KhalSetup-->MsiExec.exe /I{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upda tes\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
Neffy 1,2,0,22-->C:\Program Files\Neffy\uninst.exe
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.5.0.135\InstStub.exe /X
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Reply With Quote
  #7  
Old June 8th, 2009, 03:37 PM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
SkyCaddie Desktop-->"C:\Program Files\SkyGolf\SkyCaddie Desktop\UninstSkyCaddie.exe"
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
The Print Shop 23-->MsiExec.exe /I{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}
TomTom HOME 2.6.2.1586-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboTax 2008 winiper-->MsiExec.exe /I{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
WildTangent Games-->"C:\Program Files\WildTangent\Dell Games\Uninstall.exe"
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 92241
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090608035834.000000-000
Event Type: Warning
User:
Computer Name: Home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 92242
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090608035834.000000-000
Event Type: Warning
User:
Computer Name: Home-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00215C863CF5. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 92261
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090608134121.000000-000
Event Type: Warning
User:
Computer Name: Home-PC
Event Code: 1003
Message:
Record Number: 92264
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090608134123.000000-000
Event Type: Warning
User:
Computer Name: Home-PC
Event Code: 1002
Message: The IP address lease 192.168.1.101 for the Network Card with network address 0023AE0C48B0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Record Number: 92265
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090608134123.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Home-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 6971
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090607032358.000000-000
Event Type: Warning
User:
Computer Name: Home-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 6999
Source Name: Microsoft-Windows-WMI
Time Written: 20090607032523.000000-000
Event Type: Error
User:
Computer Name: Home-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.co...uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 7002
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090607032554.000000-000
Event Type: Error
User:
Computer Name: Home-PC
Event Code: 1000
Message: Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp 0x489807f1, faulting module KERNEL32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception code 0xe0434f4d, fault offset 0x000442eb, process id 0x1574, application start time 0x01c9e720e84a59f0.
Record Number: 7010
Source Name: Application Error
Time Written: 20090607033505.000000-000
Event Type: Error
User:
Computer Name: Home-PC
Event Code: 1000
Message: Faulting application mcupdate.EXE, version 6.0.6001.18115, time stamp 0x489807f1, faulting module KERNEL32.dll, version 6.0.6001.18215, time stamp 0x49953395, exception code 0xe0434f4d, fault offset 0x000442eb, process id 0x13ec, application start time 0x01c9e7ee2976b540.
Record Number: 7019
Source Name: Application Error
Time Written: 20090608040421.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Home-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3715363
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 16381
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090608134210.219600-000
Event Type: Audit Success
User:
Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\N IS\1005000.087\BHDrvx86.sys
Record Number: 16382
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090608135440.008600-000
Event Type: Audit Failure
User:
Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\N IS\1005000.087\BHDrvx86.sys
Record Number: 16383
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090608135440.039800-000
Event Type: Audit Failure
User:
Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\N IS\1005000.087\BHDrvx86.sys
Record Number: 16384
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090608135440.071000-000
Event Type: Audit Failure
User:
Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\N IS\1005000.087\BHDrvx86.sys
Record Number: 16385
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090608135440.102200-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\Wi ndowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.m icrosoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
Reply With Quote
  #8  
Old June 8th, 2009, 09:15 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please take note of the following:

Vista User please always run every tool with rightclick " run as administrator" !!


Step 1

Please uninstall through add/remove programs:

ASK Toolbar
Bonjour


Step 2

Next, download ComboFix
Save to the Desktop
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
Reply With Quote
  #9  
Old June 9th, 2009, 05:23 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
ComboFix
ComboFix 09-06-08.03 - Julie 06/08/2009 22:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3573.1729 [GMT -5:00]
Running from: c:\users\Julie\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Gamevance\gvtl.dll
c:\users\Julie\FAVORI~1\Privacy Protector.url
c:\users\Julie\FAVORI~1\Spyware&Malware Protection.url
c:\users\Julie\Favorites\Privacy Protector.url
c:\users\Julie\Favorites\Spyware&Malware Protection.url
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iWinGamesInstaller

((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.
2009-06-09 04:05 . 2009-06-09 04:05 -------- d-sh--w- \$RECYCLE.BIN
2009-06-08 23:47 . 2009-06-03 07:25 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\NAVENG.SYS
2009-06-08 23:47 . 2009-06-03 07:25 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\NAVEX15.SYS
2009-06-08 23:47 . 2009-06-03 07:25 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\EECTRL.SYS
2009-06-08 23:47 . 2009-06-03 07:25 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\ECMSVR32.DLL
2009-06-08 23:47 . 2009-06-03 07:25 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\CCERASER.DLL
2009-06-08 23:47 . 2009-06-03 07:25 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\NAVENG32.DLL
2009-06-08 23:47 . 2009-06-03 07:25 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\NAVEX32A.DLL
2009-06-08 23:47 . 2009-06-03 07:25 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 8.033\ERASER.SYS
2009-06-08 19:07 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\Scxpx86.dll
2009-06-08 19:07 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\IDSXpx86.sys
2009-06-08 19:07 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\IDSxpx86.dll
2009-06-08 19:07 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\IDSvix86.sys
2009-06-08 19:07 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\IDSviA64.sys
2009-06-08 13:54 . 2009-06-08 14:00 -------- d-----w- C:\rsit
2009-06-08 13:54 . 2009-06-08 14:00 -------- d-----w- \rsit
2009-06-07 03:24 . 2009-06-09 04:04 3747655680 --sha-w- \hiberfil.sys
2009-06-05 16:48 . 2009-06-05 16:48 -------- d-----w- c:\program files\Trend Micro
2009-06-05 16:16 . 2009-06-05 16:16 -------- d-----w- c:\users\Julie\AppData\Local\ElevatedDiagnostics
2009-06-05 16:12 . 2009-06-05 16:12 -------- d-----w- c:\program files\Microsoft ATS
2009-06-03 22:13 . 2009-03-19 21:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-03 22:13 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\program files\iPod
2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\program files\iTunes
2009-06-03 22:10 . 2009-06-03 22:11 -------- d-----w- c:\program files\QuickTime
2009-06-03 22:06 . 2009-06-03 22:06 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 22:05 . 2009-06-03 22:05 -------- d-----w- c:\program files\Safari
2009-06-03 22:04 . 2009-06-09 04:04 -------- d-sh--w- \Config.Msi
2009-05-29 19:53 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\Scxpx86.dll
2009-05-29 19:53 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSXpx86.sys
2009-05-29 19:53 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSvix86.sys
2009-05-29 19:53 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSxpx86.dll
2009-05-29 19:53 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528. 001\IDSviA64.sys
2009-05-22 21:45 . 2009-06-09 04:02 -------- d-----w- c:\program files\Gamevance
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-09 04:04 . 2009-06-07 03:24 3747655680 --sha-w- \hiberfil.sys
2009-06-09 04:04 . 2008-12-25 19:38 5619318784 --sha-w- \pagefile.sys
2009-06-09 04:04 . 2008-12-10 07:51 836 ----a-w- c:\windows\bthservsdp.dat
2009-06-08 04:26 . 2008-12-30 07:56 -------- d-----w- c:\programdata\Google Updater
2009-06-03 22:12 . 2008-12-27 20:24 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 19:54 . 2009-01-03 00:53 680 ----a-w- c:\users\Julie\AppData\Local\d3d9caps.dat
2009-05-14 08:02 . 2008-12-27 20:49 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 08:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-01 19:39 . 2009-01-07 21:09 -------- d-----w- c:\program files\iWin Games
2009-04-27 22:46 . 2009-04-27 22:46 -------- d-----w- c:\programdata\Symantec
2009-04-25 04:16 . 2009-04-24 20:35 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-25 04:16 . 2009-04-24 20:35 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-25 04:16 . 2009-04-24 20:35 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-25 04:16 . 2009-04-24 20:35 -------- d-----w- c:\program files\Symantec
2009-04-24 20:43 . 2009-04-24 20:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-24 20:34 . 2009-04-24 20:34 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-04-24 20:34 . 2009-04-24 20:34 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-04-24 20:34 . 2009-04-24 20:34 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-04-24 20:34 . 2009-04-24 20:34 -------- d-----w- c:\program files\Norton Internet Security
2009-04-24 20:34 . 2009-04-24 20:34 -------- d-----w- c:\programdata\Norton
2009-04-24 20:33 . 2009-04-24 20:26 -------- d-----w- c:\programdata\NortonInstaller
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w- c:\program files\NortonInstaller
2009-04-24 20:28 . 2008-12-27 17:45 -------- d-----w- c:\programdata\avg8
2009-04-24 15:02 . 2009-04-24 15:02 -------- d-----w- c:\program files\TomTom International B.V
2009-04-24 15:02 . 2009-01-25 02:45 -------- d-----w- c:\program files\TomTom HOME 2
2009-04-24 00:48 . 2009-04-24 00:48 -------- d-----w- c:\programdata\SkyGolf
2009-04-24 00:46 . 2009-04-24 00:46 -------- d-----w- c:\program files\SG2
2009-04-24 00:46 . 2009-04-24 00:46 -------- d-----w- c:\program files\SkyGolf
2009-04-16 22:33 . 2009-04-16 22:33 -------- d-----w- c:\program files\Neffy
2009-04-16 22:32 . 2009-04-16 22:32 -------- d-----w- c:\program files\Persona
2009-04-15 05:06 . 2009-04-15 05:06 -------- d-----w- c:\programdata\Yahoo! Games
2009-04-15 05:06 . 2009-04-15 05:06 -------- d-----w- c:\programdata\Trymedia
2009-04-15 05:05 . 2009-04-15 05:05 -------- d-----w- c:\program files\Yahoo! Games
2009-04-15 00:23 . 2009-04-15 00:23 -------- d-----w- c:\users\Julie\AppData\Roaming\Playrix Entertainment
2009-04-15 00:23 . 2009-01-07 23:18 -------- d-----w- c:\program files\iWin.com
2009-04-11 05:20 . 2009-01-04 04:58 -------- d-----w- c:\program files\PokerStars
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 06:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 06:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Sc xpx86.dll
2009-03-12 08:42 . 2009-04-24 20:35 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2008-12-10 14:10 . 2008-12-10 14:10 74 --sha-r- c:\windows\CT4CET.bin
2008-12-10 15:34 . 2008-12-10 15:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-12-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-02 198160]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-12 101136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-10 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-10-03 1742064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-05-22 104960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-01-12 101136]
c:\users\Julie\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-10 50688]
Event Reminder.lnk - c:\program files\The Print Shop 23\Remind.exe [2008-7-16 344064]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2008-12-10 679936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-10 14:27 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleD esktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{8CD14AAA-74F9-4FFE-93F3-1F33D8FE640C}"= c:\program files\Dell\MediaDirect\MediaDirect.exeell MediaDirect
"{6E76F462-408F-491E-B680-94AAC957D6E0}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{86A05DB6-C7BE-4376-98B6-9B9E6E04197B}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine. exe:Cyberlink Media Server Browser Engine
"{524E8DA2-08A2-43C9-970E-2AC08D5B278E}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe: CyberLink Media Server
"{81940E7F-4A9E-4DFE-A4DE-20409C059220}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A9DD702-9CD0-4387-9032-52FC84B0983B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{747A59C5-4EA8-43C7-A44B-2EFBCE4FA1B5}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{93134AB1-FADF-4B9E-BFC5-1A40DEBFD0BD}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{6FEBB547-80D1-49D9-AFE0-5F1ED536EA2A}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{46DCF947-C884-4060-8B05-A66A2CB7211C}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{12FD2F4A-787E-4BBC-A69A-74CD494D568E}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{AC246764-A24D-40F0-9C17-2394390E38E9}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{11FAED67-D14A-467D-9126-2245BBB63F51}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A0DABB2-7BFE-4FAE-A479-8CA79C6CE468}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona
R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [12/30/2008 8:02 PM 79052]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000 .087\SymEFA.sys [4/24/2009 11:16 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087 \BHDrvx86.sys [4/24/2009 11:16 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.0 87\cchpx86.sys [4/24/2009 11:16 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604. 001\IDSvix86.sys [6/8/2009 2:07 PM 292912]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/10/2008 2:50 AM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/23/2008 11:09 PM 155648]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/7/2009 5:04 PM 78104]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [4/24/2009 11:16 PM 115560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/24/2009 3:00 AM 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [12/10/2008 10:46 AM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [12/10/2008 10:45 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [12/10/2008 10:45 AM 7424]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087 \symndisv.sys [4/24/2009 11:16 PM 39984]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/10/2008 9:20 AM 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2009-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-10 05:45]
.
Reply With Quote
  #10  
Old June 9th, 2009, 05:26 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 23:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N orton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5488)
c:\program files\SetPoint\lgscroll.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
.
************************************************** ************************
.
Completion time: 2009-06-09 23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 04:11
Pre-Run: 212,577,038,336 bytes free
Post-Run: 213,118,005,248 bytes free
273 --- E O F --- 2009-05-14 08:02
Reply With Quote
  #11  
Old June 9th, 2009, 06:49 PM
schrauber's Avatar
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one. (Print the instructions first)

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
  • If an update is found, MBAM will download and install the latest.
  • Click OK
At the main program window
  • Make sure the following is checked: Perform Full Scan
  • Click: Scan (The scan may take some time to finish, so please be patient.)
  • When the scan completes, a message box appears, click OK
At the main Scanner screen:
  • Click on: Show Results
  • A screen displaying the malware found shows
  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.
~~~~
Please provide the MBAM report in your reply.



Please also post a fresh RSIT-Logfile. How is your system running?
Reply With Quote
  #12  
Old June 10th, 2009, 04:43 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
Malwarebytes' Anti-Malware 1.37
Database version: 2255
Windows 6.0.6001 Service Pack 1
6/9/2009 8:10:15 PM
mbam-log-2009-06-09 (20-10-15).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 263526
Time elapsed: 2 hour(s), 27 minute(s), 2 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Delete on reboot.
Files Infected:
c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gamevancelib32.dll (Adware.Gamevance) -> Delete on reboot.
c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
Reply With Quote
  #13  
Old June 10th, 2009, 04:49 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie at 2009-06-09 22:39:11
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 202 GB (69%) free of 293 GB
Total RAM: 3573 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:21 PM, on 6/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Julie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3. dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11974 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [2009-03-12 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\s wg.dll [2009-03-24 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-01-11 101136]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-02 198160]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"=C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE [2007-01-11 101136]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-10 30192]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2008-10-03 1742064]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
"Adobe Reader Speed Launcher"=c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2008-12-10 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Event Reminder.lnk - C:\Program Files\The Print Shop 23\Remind.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe
C:\Users\Julie\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\Google DesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-12-10 10536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-06 200704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\Persona\Persona.exe"="C:\Program Files\Persona\Persona.exe:*:Enabled:Persona"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
Reply With Quote
  #14  
Old June 10th, 2009, 04:50 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
======List of files/folders created in the last 1 months======
2009-06-09 17:01:18 ----D---- C:\Users\Julie\AppData\Roaming\Malwarebytes
2009-06-09 17:01:13 ----D---- C:\ProgramData\Malwarebytes
2009-06-09 17:01:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-08 23:12:28 ----D---- C:\temp
2009-06-08 23:12:27 ----A---- C:\ComboFix.txt
2009-06-08 23:05:36 ----SHD---- C:\$RECYCLE.BIN
2009-06-08 22:57:47 ----A---- C:\Windows\zip.exe
2009-06-08 22:57:47 ----A---- C:\Windows\SWXCACLS.exe
2009-06-08 22:57:47 ----A---- C:\Windows\SWSC.exe
2009-06-08 22:57:47 ----A---- C:\Windows\SWREG.exe
2009-06-08 22:57:47 ----A---- C:\Windows\sed.exe
2009-06-08 22:57:47 ----A---- C:\Windows\PEV.exe
2009-06-08 22:57:47 ----A---- C:\Windows\NIRCMD.exe
2009-06-08 22:57:47 ----A---- C:\Windows\grep.exe
2009-06-08 22:57:26 ----D---- C:\Windows\ERDNT
2009-06-08 22:57:01 ----D---- C:\Qoobox
2009-06-08 08:54:22 ----D---- C:\rsit
2009-06-05 11:48:41 ----D---- C:\Program Files\Trend Micro
2009-06-05 11:13:50 ----D---- C:\Windows\system32\WindowsPowerShell
2009-06-05 11:12:09 ----D---- C:\Program Files\Microsoft ATS
2009-06-03 17:13:02 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-03 17:12:47 ----D---- C:\Program Files\iPod
2009-06-03 17:12:46 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 17:12:46 ----D---- C:\Program Files\iTunes
2009-06-03 17:10:33 ----D---- C:\Program Files\QuickTime
2009-06-03 17:05:15 ----D---- C:\Program Files\Safari
2009-06-03 17:04:46 ----SHD---- C:\Config.Msi
2009-06-01 22:12:56 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-06-01 22:12:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-06-01 22:12:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-06-01 22:12:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-06-01 22:12:52 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-06-01 22:12:51 ----A---- C:\Windows\system32\xinput1_3.dll
2009-06-01 22:12:51 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-06-01 22:12:50 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-06-01 22:12:49 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-06-01 22:12:48 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-06-01 22:12:48 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-06-01 22:12:47 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-06-01 22:12:47 ----A---- C:\Windows\system32\d3dx10.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-06-01 22:12:46 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-06-01 22:12:45 ----A---- C:\Windows\system32\xinput1_2.dll
2009-06-01 22:12:45 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-06-01 22:12:44 ----A---- C:\Windows\system32\xinput1_1.dll
2009-06-01 22:12:44 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-06-01 22:12:43 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-06-01 22:12:35 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-06-01 22:12:34 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-06-01 22:12:34 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-06-01 22:12:33 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-06-01 22:12:33 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-06-01 22:12:32 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-06-01 22:12:32 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-05-22 16:45:22 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2009-06-09 22:39:21 ----D---- C:\Windows\Prefetch
2009-06-09 22:39:04 ----D---- C:\Windows\Temp
2009-06-09 20:15:52 ----D---- C:\Windows\Tasks
2009-06-09 20:12:21 ----RD---- C:\Program Files
2009-06-09 20:12:21 ----D---- C:\Windows\system32\drivers
2009-06-09 20:12:21 ----D---- C:\Windows
2009-06-09 19:59:08 ----SHD---- C:\System Volume Information
2009-06-09 17:01:13 ----HD---- C:\ProgramData
2009-06-09 16:37:26 ----D---- C:\Windows\system32\catroot
2009-06-09 16:37:25 ----D---- C:\Windows\winsxs
2009-06-09 16:24:12 ----D---- C:\Windows\system32\catroot2
2009-06-09 16:16:13 ----SHD---- C:\Windows\Installer
2009-06-09 16:09:09 ----D---- C:\Windows\Minidump
2009-06-09 06:57:05 ----D---- C:\Program Files\SG2
2009-06-09 00:27:12 ----D---- C:\ProgramData\Google Updater
2009-06-08 23:12:32 ----D---- C:\Windows\system32\en-US
2009-06-08 23:12:32 ----D---- C:\Windows\System32
2009-06-08 23:07:37 ----D---- C:\Windows\system32\WDI
2009-06-08 23:05:47 ----A---- C:\Windows\system.ini
2009-06-08 23:03:44 ----D---- C:\Windows\system32\config
2009-06-08 23:01:35 ----D---- C:\Windows\AppPatch
2009-06-08 23:01:34 ----D---- C:\Program Files\Common Files
2009-06-08 22:50:33 ----D---- C:\Users\Julie\AppData\Roaming\Mozilla
2009-06-08 16:19:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-08 16:19:55 ----D---- C:\Windows\inf
2009-06-06 22:41:11 ----D---- C:\Windows\rescache
2009-06-06 22:25:33 ----D---- C:\Windows\system32\Tasks
2009-06-06 22:23:11 ----A---- C:\Windows\ntbtlog.txt
2009-06-05 12:00:12 ----RSD---- C:\Windows\assembly
2009-06-05 12:00:12 ----D---- C:\Windows\Microsoft.NET
2009-06-05 11:12:12 ----SD---- C:\Windows\Downloaded Program Files
2009-06-03 17:13:02 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-03 17:12:47 ----D---- C:\Program Files\Common Files\Apple
2009-06-02 00:56:33 ----D---- C:\Windows\system32\wbem
2009-06-02 00:56:01 ----D---- C:\Windows\system32\CodeIntegrity
2009-06-02 00:56:00 ----D---- C:\Windows\system32\spool
2009-06-02 00:56:00 ----D---- C:\Windows\registration
2009-05-14 03:02:14 ----D---- C:\ProgramData\Microsoft Help
2009-05-14 03:00:38 ----D---- C:\Program Files\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx 86.sys [2009-03-12 258608]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx8 6.sys [2009-04-24 482352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-04-24 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090604. 001\IDSvix86.sys [2009-01-29 292912]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\Windows\system32\drivers\NIS\1005000.087\SR TSPX.SYS [2009-03-12 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-03-12 25136]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI .SYS [2009-03-12 217392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-23 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-23 8704]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-12-10 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-12-10 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-24 101936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-23 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-23 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-01-11 32272]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-01-11 32528]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 9.037\NAVENG.SYS [2009-06-03 89104]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2009060 9.037\NAVEX15.SYS [2009-06-03 876144]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-12-10 50688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP. SYS [2009-03-12 307760]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-24 124464]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW. SYS [2009-03-12 89776]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDI SV.SYS [2009-03-12 39984]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-23 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-20 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-20 40448]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-12-10 220160]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-20 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SY MDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SY MREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 usbser;SkyCaddie USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-20 28160]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-12-10 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2008-07-28 44032]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-01-07 78104]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-23 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-27 34312]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-07-04 164600]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-10 30192]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-12-10 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
-----------------EOF-----------------
Reply With Quote
  #15  
Old June 10th, 2009, 04:52 AM
ibmjas ibmjas is offline
Member
 
Join Date: Oct 2004
Posts: 42
Tom,
Things seem to be running much better now. I haven't seen any more unsolicited web pages pop up since running the malware removal. Thanks for your help.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
yellow exclamation point warning, then anti-spyware site pops up, hjt report here larryphrank Malware Removal 17 May 11th, 2006 04:22 PM
Browser randomly pops up with some weird site when I log on sara_danielle Malware Removal 7 February 7th, 2005 08:24 AM
XP info site.... Harrie The Anything Else Board 1 October 17th, 2002 12:24 PM
info storing on web site jclark Web Development & Graphic Design 1 May 3rd, 2001 10:59 AM


All times are GMT +1. The time now is 09:22 PM.