View Full Version : SynTPEnh.exe – Application error (i cant boot up computer)
learking1
2009-01-02, 03:00
computer will only boot up in safe more (sometimes) :(
Humbly and desperately seeking your help, happy new year. and please forgive...tried to be as detailed as possible :)
computer info:
dell, vostro 1500, vista business, version 6.0.6000 x86-based, Intel core 2 duo 2 ghz, ram 2g
Problem:
I got a blue screen crash, out of the “blue”.
When attempting to login to my user account password, a plain desktop background would appear but nothing would load up. I have to force the shut down by holding the power button. Tried to enter under guest same problem.
Upon restarting, offered me option for diagnostic:
Checked memory - ok,
Auto repair – unable
Entered under safe mode
the error checking – u know c drive, properties, disk management
Ran the following programs: Spybot, Ad aware, crap cleaner, disk cleanup, AFT cleaner, AVG, Super Antivirus – no problems reported
defrag said no need
Still locked out so
did a system restore to earliest possible point
allowed me to temporarily login in regular mode, at which point I updated skybot, antivirus, etc
ran spybot found 2 errors
one could not be fixed, instructed me to run again after restarting
the ERROR message is as follows:
SynTPEnh.exe – Application error
The instructions at 0x00401e36 referenced memory at 0x00000000. Memory could not be read.
So I restarted hoping to run spybot again at which point TOTAL LOSS, couldn’t event do a thing
So I downloaded Spybot update from another computer
installed it in the new computer but it didn’t detect the previous issue (did it not install the updated correctly? – double clicked on the executable file directed me to install)
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:54 PM, on 1/1/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg1.mail.yahoo.com/dc/launch?.rand=6jl23sedd3uk4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080504
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9444 bytes
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
If you still require help please do the following
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
learking1
2009-01-07, 01:54
thank you so much Katana
Logfile of random's system information tool 1.05 (written by random/random)
Run by LeronR at 2009-01-06 15:46:50
Microsoft® Windows Vista™ Business
System drive C: has 38 GB (27%) free of 140 GB
Total RAM: 2037 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:08 PM, on 1/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Users\LeronR\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LeronR.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.intl=us&.partner=sbc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=4080504
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10568 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-23 1377576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-05 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-05-03 501384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-02 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-05-03 325048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-02 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-02 1261336]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-26 154136]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-26 141848]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-12-02 36864]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-26 129560]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-03 857648]
""= []
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-03 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-03 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-01 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-09-26 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-08-31 77824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll, digeste.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoRcd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34629fc6-5008-11dd-a919-001d09d559e0}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b264f26-1d20-11dd-9f49-001d09d559e0}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d872724-7f00-11dd-b6c3-001d09d559e0}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2009-01-06 15:46:50 ----D---- C:\rsit
2009-01-02 00:06:37 ----D---- C:\Users\LeronR\AppData\Roaming\Malwarebytes
2009-01-02 00:06:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-01 20:44:24 ----D---- C:\Windows\system32\vmm32
2009-01-01 20:04:56 ----D---- C:\Program Files\Panda Security
2009-01-01 14:22:20 ----D---- C:\Windows\Registration
2008-12-31 08:41:46 ----D---- C:\Windows\$regcmp$(40)
2008-12-25 11:35:59 ----A---- C:\Windows\system32\zpeng25.dll
2008-12-25 11:35:59 ----A---- C:\Windows\system32\vsxml.dll
2008-12-23 17:09:18 ----D---- C:\Program Files\DRS-Digitrax Services
2008-12-23 17:09:18 ----A---- C:\Windows\telescre.ini
2008-12-23 17:09:10 ----A---- C:\Windows\uninst.exe
======List of files/folders modified in the last 1 months======
2009-01-06 15:47:08 ----D---- C:\Windows\Temp
2009-01-06 15:47:07 ----D---- C:\Windows\Prefetch
2009-01-06 15:27:24 ----D---- C:\Users\LeronR\AppData\Roaming\Skype
2009-01-06 10:29:33 ----D---- C:\Windows\System32
2009-01-06 10:29:33 ----D---- C:\Windows\inf
2009-01-06 10:29:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-06 10:14:50 ----D---- C:\Users\LeronR\AppData\Roaming\FileZilla
2009-01-06 01:57:27 ----SHD---- C:\System Volume Information
2009-01-06 00:40:00 ----D---- C:\Windows\Internet Logs
2009-01-05 23:34:50 ----D---- C:\Windows
2009-01-05 22:42:38 ----D---- C:\Windows\system32\drivers
2009-01-05 22:12:00 ----D---- C:\Windows\Minidump
2009-01-05 00:22:26 ----D---- C:\Program Files\FriendBlasterPro
2009-01-02 02:11:26 ----HD---- C:\ProgramData
2009-01-02 00:06:32 ----RD---- C:\Program Files
2009-01-01 20:45:07 ----SHD---- C:\Windows\Installer
2009-01-01 20:44:42 ----SD---- C:\Users\LeronR\AppData\Roaming\Microsoft
2009-01-01 20:44:24 ----D---- C:\Program Files\Dell
2009-01-01 20:04:29 ----SD---- C:\Windows\Downloaded Program Files
2009-01-01 19:40:39 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-01 17:24:45 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-01 17:19:58 ----D---- C:\Windows\system32\catroot2
2009-01-01 15:43:59 ----D---- C:\Windows\pss
2009-01-01 14:22:48 ----D---- C:\Windows\system32\wbem
2009-01-01 14:20:36 ----D---- C:\Windows\$regcmp$
2009-01-01 14:19:58 ----D---- C:\Windows\system32\config
2009-01-01 14:19:45 ----D---- C:\Windows\winsxs
2009-01-01 14:19:44 ----D---- C:\Windows\Tasks
2009-01-01 14:19:44 ----D---- C:\Windows\system32\ZoneLabs
2009-01-01 14:19:44 ----D---- C:\Windows\system32\spool
2009-01-01 14:19:44 ----D---- C:\Windows\system32\CodeIntegrity
2009-01-01 14:19:44 ----D---- C:\Users\LeronR\AppData\Roaming\NetMeter
2009-01-01 14:19:44 ----D---- C:\Users\LeronR\AppData\Roaming\dvdcss
2009-01-01 14:19:43 ----D---- C:\Program Files\Qlock
2009-01-01 14:19:38 ----D---- C:\Users\LeronR\AppData\Roaming\Sony
2009-01-01 14:19:38 ----D---- C:\Program Files\Sony
2009-01-01 14:19:37 ----D---- C:\Program Files\Vodafone
2009-01-01 14:19:37 ----D---- C:\Program Files\Sony Setup
2009-01-01 14:19:37 ----D---- C:\Program Files\Research In Motion
2009-01-01 14:19:37 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-01-01 14:19:37 ----D---- C:\Program Files\Common Files\Research In Motion
2009-01-01 14:19:36 ----SHD---- C:\found.001
2008-12-07 22:35:03 ----HD---- C:\$AVG8.VAULT$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-05 97928]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-07-02 26824]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-05-03 320000]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-31 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-31 55024]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-11-13 293776]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-04-28 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-05-09 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-05-09 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-05-09 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-28 8192]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-05-10 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-05-03 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-28 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-28 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-26 1899008]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-02 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-02 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-05-03 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-03 182456]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-28 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-05-03 11264]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\Windows\system32\DRIVERS\avcstrm.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-01 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-05-21 101120]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\Windows\system32\DRIVERS\mstape.sys [2006-11-02 50048]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-01 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-06 611664]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-01 73728]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-05 231704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-01 102400]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-28 386560]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-21 654848]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-03 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-21 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-05-03 562176]
S4 CscService;Offline Files; C:\Windows\System32\svchost.exe [2006-11-02 22016]
-----------------EOF-----------------
INFO
info.txt logfile of random's system information tool 1.05 2009-01-06 15:47:10
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{80C13322-2085-49F5-8B19-2A9FA20F14E9}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}
Adobe After Effects CS3-->MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Library-->MsiExec.exe /I{7D62C409-EA5C-40E3-954E-AD4923250923}
Adobe Encore CS3-->MsiExec.exe /I{5373C190-2C97-4086-B0F6-E7774B2CF25A}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{99312C08-19A1-4B20-9F1D-3BCEED582278}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
BUFFALO TurboUSB for FLASH/HDD-->C:\Windows\UN070410.EXE /U
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
FileZilla Client 3.1.0.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Free Registry Defrag-->"C:\Program Files\Registry Clean Expert\unins000.exe"
FriendBlasterPro-->"C:\Program Files\FriendBlasterPro\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSConfig CleanUp 1.2-->"C:\Program Files\MSConfig CleanUp\UninsHs.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NetMeter 1.1.3-->"C:\Program Files\NetMeter\unins000.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Qlock Lite-->"C:\Program Files\Qlock\uninstall.exe"
QuickSet-->MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Skype(R) Backup Tool-->C:\Program Files\Skype(R) Backup Tool\Uninstal.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeleScreen-32 PRO-->C:\Windows\uninst.exe -f"C:\Program Files\DRS-Digitrax Services\TeleScreen-32 PRO\DeIsL1.isu" -c"C:\Program Files\DRS-Digitrax Services\TeleScreen-32 PRO\_ISREG32.DLL"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite Runtime Components-->MsiExec.exe /X{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSnap-->C:\Program Files\WinSnap\uninst.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall (disabled)
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware
System event log
Computer Name: LeronR-PC3
Event Code: 33
Message: The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
Record Number: 52695
Source Name: volsnap
Time Written: 20090106101826.005776-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 52696
Source Name: Service Control Manager
Time Written: 20090106182958.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 52697
Source Name: Service Control Manager
Time Written: 20090106184628.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 6013
Message: The system uptime is 49746 seconds.
Record Number: 52698
Source Name: EventLog
Time Written: 20090106200042.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 7036
Message: The FLEXnet Licensing Service service entered the running state.
Record Number: 52699
Source Name: Service Control Manager
Time Written: 20090106233737.000000-000
Event Type: Information
User:
Application event log
Computer Name: LeronR-PC3
Event Code: 8211
Message: Successfully created scheduled restore point.
Record Number: 15802
Source Name: System Restore
Time Written: 20090106094008.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 15803
Source Name: VSS
Time Written: 20090106095047.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 15804
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090106141226.241776-000
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: LeronR-PC3
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 15805
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090106182933.000000-000
Event Type: Information
User:
Computer Name: LeronR-PC3
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 15806
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090106182933.000000-000
Event Type: Information
User:
Security event log
Computer Name: LeronR-PC3
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\SASENUM.SYS
Record Number: 20120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106064217.728976-000
Event Type: Audit Failure
User:
Computer Name: LeronR-PC3
Event Code: 4904
Message: An attempt was made to register a security event source.
Subject :
Security ID: S-1-5-18
Account Name: LERONR-PC3$
Account Domain: NONE
Logon ID: 0x3e7
Process:
Process ID: 0x169c
Process Name: C:\Windows\System32\VSSVC.exe
Event Source:
Source Name: VSSAudit
Event Source ID: 0xa8fe12
Record Number: 20121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106094008.111776-000
Event Type: Audit Success
User:
Computer Name: LeronR-PC3
Event Code: 4905
Message: An attempt was made to unregister a security event source.
Subject
Security ID: S-1-5-18
Account Name: LERONR-PC3$
Account Domain: NONE
Logon ID: 0x3e7
Process:
Process ID: 0x169c
Process Name: C:\Windows\System32\VSSVC.exe
Event Source:
Source Name: VSSAudit
Event Source ID: 0xa8fe12
Record Number: 20122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106094008.111776-000
Event Type: Audit Success
User:
Computer Name: LeronR-PC3
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
Record Number: 20123
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106182707.679576-000
Event Type: Audit Failure
User:
Computer Name: LeronR-PC3
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\avgrsstx.dll
Record Number: 20124
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090106182707.729576-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"tvdumpflags"=8
-----------------EOF-----------------
There is no obvious sign of infection, did you run any "Registry Cleaners" about the time the problem started ?
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
learking1
2009-01-07, 19:13
after praying to the computer gods, i managed to enter safe mode and did a restore from an even earlier point
this allowed me to boot up and i quickly ran windows live one care safety scan which did fix 10 registry error BUT
after that i still have gotten 2 blue screens and once it locked me out and wouldn't boot up
i did run a full dell diagnostics of the CD and it came up clean
so i still have some issue...what to do? is there anything you suggest?
thank you so much
Did you run Combofix ?
I would also uninstall Zone Alarm for the moment, it has been know to cause problems on some machines.
learking1
2009-01-07, 21:39
no i have yet to run combofix...the programs i've run are:
atf cleaner
crap cleaner
ad aware
spybot
malwarebytes
superanti spyware
windows defender
should I run combofix? and uninstall zone alarm permanently? is there another you recommend
should I run combofix? and uninstall zone alarm permanently? is there another you recommend
Please run Combofix and post the log.
I you uninstall Zone Alarm and the problems go away, then we can discuss alternatives.
If the problem still exists, then you can reinstall it :)
learking1
2009-01-08, 05:45
in my taskbar by the clock a message popped up
CF29160.exe
the file or directory C windows winsxs backup
is corrupt or unreadable please run the chkdisk utility
ComboFix 09-01-07.02 - LeronR 2009-01-07 19:33:25.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2037.1226 [GMT -8:00]
Running from: c:\users\LeronR\Downloads\cleanup exe\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
.
((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.
2009-01-06 15:46 . 2009-01-06 15:47 <DIR> d-------- C:\rsit
2009-01-04 20:49 . 2009-01-05 22:11 257,462,301 --a------ c:\windows\MEMORY.DMP
2009-01-02 00:06 . 2009-01-02 00:06 <DIR> d-------- c:\users\LeronR\AppData\Roaming\Malwarebytes
2009-01-02 00:06 . 2009-01-02 00:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-02 00:06 . 2009-01-05 22:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 00:06 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-02 00:06 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-01 20:44 . 2009-01-01 20:44 <DIR> d-------- c:\windows\System32\vmm32
2009-01-01 20:05 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-01-01 20:04 . 2009-01-01 20:04 <DIR> d-------- c:\program files\Panda Security
2008-12-31 08:41 . 2008-12-31 08:43 <DIR> d-------- c:\windows\$regcmp$(40)
2008-12-25 11:35 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2008-12-23 17:09 . 2008-12-23 17:09 <DIR> d-------- c:\program files\DRS-Digitrax Services
2008-12-23 17:09 . 1996-07-18 13:06 297,472 --a------ c:\windows\uninst.exe
2008-12-23 17:09 . 2001-05-08 07:41 911 --a------ c:\windows\telescre.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 03:32 --------- d-----w c:\users\LeronR\AppData\Roaming\Skype
2009-01-07 04:36 --------- d-----w c:\users\LeronR\AppData\Roaming\dvdcss
2009-01-07 04:04 --------- d-----w c:\program files\FriendBlasterPro
2009-01-06 18:14 --------- d-----w c:\users\LeronR\AppData\Roaming\FileZilla
2009-01-06 06:14 348,370 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-01-02 04:44 --------- d-----w c:\program files\Dell
2009-01-02 03:40 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-02 01:24 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-01 22:19 --------- d-----w c:\users\LeronR\AppData\Roaming\Sony
2009-01-01 22:19 --------- d-----w c:\users\LeronR\AppData\Roaming\NetMeter
2009-01-01 22:19 --------- d-----w c:\program files\Vodafone
2009-01-01 22:19 --------- d-----w c:\program files\Sony Setup
2009-01-01 22:19 --------- d-----w c:\program files\Sony
2009-01-01 22:19 --------- d-----w c:\program files\Research In Motion
2009-01-01 22:19 --------- d-----w c:\program files\Qlock
2009-01-01 22:19 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-01 22:19 --------- d-----w c:\program files\Common Files\Research In Motion
2008-12-21 20:18 1,880,726 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-30 21:25 30,152,314 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_11_29_17_04_41_full.dmp.zip
2008-11-26 02:24 --------- d-----w c:\users\LeronR\AppData\Roaming\PeerNetworking
2008-11-24 20:48 --------- d-----w c:\users\LeronR\AppData\Roaming\Research In Motion
2008-11-24 20:41 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-11-24 20:41 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-24 20:40 --------- d-----w c:\program files\Roxio
2008-11-13 23:19 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys
2008-11-10 14:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 07:28 --------- d-----w c:\users\LeronR\AppData\Roaming\Publish Providers
2008-11-10 07:17 --------- d-----w c:\program files\Vstplugins
2008-11-03 19:09 404,562 ----a-w c:\windows\E220AutoRunLog.tmp
2008-10-19 04:58 37,802,166 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_10_19_01_04_59_full.dmp.zip
2008-10-18 21:08 19,786,366 ----a-w c:\users\LeronR\skypeinfos.zip
2008-05-03 17:08 174 --sha-w c:\program files\desktop.ini
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-03 17:18 76 --sh--r c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-02 1261336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-26 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-26 141848]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-02 36864]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-26 129560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 857648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-05-03 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-08-31 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 17:24 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, digeste.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2008-06-08 12:24 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-03 09:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 04:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2917577094-533919459-2397586933-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9971B09A-74F3-4287-8A4E-CCE32406BF45}"= Profile=Private|c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{0F0E2958-E846-4425-8B71-2AA525249A64}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{4E19CEF4-FDCF-4332-AF97-F2C11EBE9E1F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{89CC9FCF-4860-4B14-80A1-BC147127688D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{485FCED6-927B-4BB0-8B10-6C8BB714EEA3}"= Profile=Private|c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E817DF73-0336-47E1-AB3A-DFE6D76FDE3D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E8B4B05-87FD-40C2-B078-064EEC577B1D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E879D808-4805-436B-BF40-52029F900443}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{976949CA-6DEF-4FD5-9ED4-354C2E420545}"= Disabled:UDP:3703:Adobe Version Cue CS3 Server
"{F56BA28C-7EC7-4127-91AC-3FBF45166430}"= Disabled:UDP:3704:Adobe Version Cue CS3 Server
"{0799733F-6103-4C95-97E0-7BF298F365FA}"= Disabled:UDP:50900:Adobe Version Cue CS3 Server
"{224025B4-F0E2-4D39-B70D-DDA3FFA619BE}"= Disabled:UDP:50901:Adobe Version Cue CS3 Server
"{1E05E163-6E8C-4D53-9B68-3540881A5BB9}"= UDP:c:\program files\FriendBlasterPro\FriendBlasterPro.exe:FriendBlasterPro
"{AE3071BB-01D4-4C49-B5E9-E3D756F3AB0B}"= TCP:c:\program files\FriendBlasterPro\FriendBlasterPro.exe:FriendBlasterPro
"{8D89551E-50F4-4D06-989D-02ED96D815BE}"= Disabled:UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6CC6432D-31A2-41D3-85FF-BA66973AC7F5}"= Disabled:TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{C8D1C7A1-CEE7-4B35-9301-83C6A93ABF3F}"= Disabled:c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{667619DE-2263-4C47-9136-1F05E2E3DB82}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{07000061-3A01-4F4E-A73C-37D57390642B}"= UDP:c:\program files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:Adobe After Effects CS3
"{DD8DE1F9-18D0-40FC-97E4-9150028B112C}"= TCP:c:\program files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:Adobe After Effects CS3
"{2EE46D8A-B85A-4C76-8844-895ACB2BCDA2}"= UDP:c:\program files\Adobe\Adobe Bridge CS3\Bridge.exe:Adobe Bridge CS3
"{CD0337C1-FE9D-4F92-A758-3723ACD6DE88}"= TCP:c:\program files\Adobe\Adobe Bridge CS3\Bridge.exe:Adobe Bridge CS3
"{8FD2A5DC-10A9-419B-BDA6-853C5E08BD8D}"= UDP:c:\program files\Adobe\Adobe Contribute CS3\Contribute.exe:Adobe Contribute CS3
"{16F05E80-A206-467A-8CD6-02D0080B1B52}"= TCP:c:\program files\Adobe\Adobe Contribute CS3\Contribute.exe:Adobe Contribute CS3
"{5415D284-9967-4C56-9C53-9C7E1F921002}"= UDP:c:\program files\Adobe\Adobe Device Central CS3\DeviceCentral.exe:Adobe Device Central CS3
"{524B2A46-1560-40D1-A3D7-AAF33FE9EC4D}"= TCP:c:\program files\Adobe\Adobe Device Central CS3\DeviceCentral.exe:Adobe Device Central CS3
"{D735C0CB-41B1-47B1-B914-3299CCC12BDD}"= UDP:c:\program files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:Adobe Dreamweaver CS3
"{6FA3AB5E-CDF7-4FC2-93BD-8C69EF58E98D}"= TCP:c:\program files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:Adobe Dreamweaver CS3
"{ED690E4C-C0FB-4D3B-824F-0412AF7526B2}"= UDP:c:\program files\Adobe\Adobe Encore CS3\Adobe Encore.exe:Adobe Encore CS3
"{80D833AE-83FD-4800-BD01-AB608BA1A9E1}"= TCP:c:\program files\Adobe\Adobe Encore CS3\Adobe Encore.exe:Adobe Encore CS3
"{3EC3BBD5-7A7A-4312-B4A1-DF732A6B0C34}"= UDP:c:\program files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe:Adobe ExtendScript Toolkit 2
"{8DC628E7-16FE-4B37-97BB-0722E256C447}"= TCP:c:\program files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe:Adobe ExtendScript Toolkit 2
"{F17141B2-E980-4F4D-9547-17826D5F7038}"= UDP:c:\program files\Adobe\Adobe Extension Manager\Extension Manager.exe:Adobe Extension Manager CS3
"{AFB57C48-3118-4CA6-96AB-13CBCBE0644E}"= TCP:c:\program files\Adobe\Adobe Extension Manager\Extension Manager.exe:Adobe Extension Manager CS3
"{0F22482E-F0AA-43F2-9655-6974E16FDB9D}"= UDP:c:\program files\Adobe\Adobe Fireworks CS3\Fireworks.exe:Adobe Fireworks CS3
"{96D2BCB2-B31B-4D43-B7DE-44BF5D6148E1}"= TCP:c:\program files\Adobe\Adobe Fireworks CS3\Fireworks.exe:Adobe Fireworks CS3
"{7BF00691-5CAC-423C-B6EB-C30DFA4BB985}"= UDP:c:\program files\Adobe\Adobe Flash CS3\Flash.exe:Adobe Flash CS3 Professional
"{1BD3BF28-048A-47A9-BDFD-1E9BFB507211}"= TCP:c:\program files\Adobe\Adobe Flash CS3\Flash.exe:Adobe Flash CS3 Professional
"{12DC0CD7-6A55-4AAC-B86C-865BCCE1A478}"= UDP:c:\program files\Adobe\Adobe Flash CS3 Video Encoder\Flash Video Encoder.exe:Adobe Flash CS3 Video Encoder
"{1EAA7FAB-2E67-4D06-9730-0D7F728CF83E}"= TCP:c:\program files\Adobe\Adobe Flash CS3 Video Encoder\Flash Video Encoder.exe:Adobe Flash CS3 Video Encoder
"{68BBE8A7-5937-4138-B947-6551918FE78A}"= UDP:c:\program files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe:Adobe Illustrator CS3
"{45C3BABB-79E3-4409-9FEE-06F71C599353}"= TCP:c:\program files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe:Adobe Illustrator CS3
"{F6C8EB26-12F4-4AC4-846A-9B6B32F75179}"= UDP:c:\program files\Adobe\Adobe InDesign CS3\InDesign.exe:Adobe InDesign CS3
"{0603A508-D718-4F07-A56B-BBE6448A45D8}"= TCP:c:\program files\Adobe\Adobe InDesign CS3\InDesign.exe:Adobe InDesign CS3
"{631001FE-56B5-4A8B-A571-EE1C60CE1D57}"= UDP:c:\program files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{85628B6D-42D2-465A-BF8A-E481AB919611}"= TCP:c:\program files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{B402E5C8-91C7-49B4-B54A-3FB59E8078EC}"= UDP:c:\program files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe:Adobe Stock Photos CS3
"{AFBA9C10-C5A0-4CB1-83D9-581A00E72C5F}"= TCP:c:\program files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe:Adobe Stock Photos CS3
"{63D8333F-C25B-41B4-B465-F8E8DA401D54}"= UDP:c:\program files\Adobe\Adobe Soundbooth CS3\Adobe Soundbooth CS3.exe:Adobe Soundbooth CS3
"{6EDC04E5-F9A3-47C4-812F-EE97679F7898}"= TCP:c:\program files\Adobe\Adobe Soundbooth CS3\Adobe Soundbooth CS3.exe:Adobe Soundbooth CS3
"{DB3BCF26-6FAB-401C-80A9-1D396C3AF8FC}"= UDP:c:\program files\Adobe\Adobe Photoshop CS3\Photoshop.exe:Adobe Photoshop CS3
"{F4C99A68-22A0-4BAF-AA23-85CE37F3CD41}"= TCP:c:\program files\Adobe\Adobe Photoshop CS3\Photoshop.exe:Adobe Photoshop CS3
"{D524B900-8D47-43A6-BD1C-5DF363BA9445}"= UDP:c:\program files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe:Adobe Premiere Pro CS3
"{66481B21-5C89-46FB-AF51-3BE9A3F552B8}"= TCP:c:\program files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe:Adobe Premiere Pro CS3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-01-01 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-05-22 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-05-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-05-03 7424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-05-03 73728]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 231704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\autoRcd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34629fc6-5008-11dd-a919-001d09d559e0}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b264f26-1d20-11dd-9f49-001d09d559e0}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d872724-7f00-11dd-b6c3-001d09d559e0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.intl=us&.partner=sbc
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc362.mail.yahoo.com/mc/welcome?.rand=9bm4ooai5nn9d|http://mail.google.com/mail/?ui=2&zx=1zn5xlh4i9y5&shva=1#inbox
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 19:37:07
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-07 19:39:35
ComboFix-quarantined-files.txt 2009-01-08 03:39:32
Pre-Run: 47,203,192,832 bytes free
Post-Run: 46,986,723,328 bytes free
245 --- E O F --- 2008-05-12 16:58:21
in my taskbar by the clock a message popped up
CF29160.exe
the file or directory C windows winsxs backup
is corrupt or unreadable please run the chkdisk utility
Nothing to worry about, it's just because of Vista permissions.
Have you uninstalled Zone Alarm yet ?
How are things running ?
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
learking1
2009-01-09, 01:42
so far so good
the panda scan detected some cookies nothing ad aware can remove - i think
i guess thats it for now? if i do get another blue screen i will uninstall zone alarm and see how it goes from there...thoughts....
thank you so much :)
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-08 14:52:16
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.4205.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@trafficmp[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.tribalfusion.com/]
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.anm.co.uk/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@com[1].txt
00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.hotlog.ru/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.bs.serving-sys.com/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@server.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[server.iad.liveperson.net/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.questionmarket.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.bravenet.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Microsoft\Windows\Cookies\leronr@did-it[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\LeronR\AppData\Roaming\Mozilla\Firefox\Profiles\5zjeaf9p.default\cookies.txt[citi.bridgetrack.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location ����� C5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ����� C5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Cookies are nothing to worry about :)
If you look below, I give a link to a couple of good Temp/Cookie cleaners.
There is certainly no malware that would be giving problems, so if the BSOD happens again I would try the Zone Alarm uninstall.
If that doesn't help, then I would seek assistance at one of the tech forums as it may be a hardware problem.
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.