windows explorer shuts down and restarts randomly

grv50
2009-04-26, 11:30
Hi
I am new at this so hopefully I posted this in the forum.
It has been days now that randomly I get a pop up saying windows explorer is shutting down and right afterwards I get another pop up saying windows explorer will start now. I scanned my computer with avira also with spybot and malwarebytes and nothing showed up except for the usual tracking cookies. Still the problem persists. So I downloaded hijackthis and did a scan.
My computer is a 2.4 ghz processor 2 gigs ram running vista premium and 500 gig hard drive
Please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:02 AM, on 4/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\sttray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\FSScrCtl.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60262
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SVIEBHO Class - {B3C54716-9D0A-4666-A81A-6072A6325A5A} - C:\Program Files\SelectView\svie.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2065844290-291699721-3380298128-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Canon IJ Status Monitor Canon MP470 series Printer.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Saver Control.lnk = C:\Windows\FSScrCtl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Forget Me Not.lnk = Broderbund\AG CreataCard\AGRemind.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: SelectView - {16D60F96-2FF6-40b2-96D3-C32170E45A01} - C:\Program Files\SelectView\svie.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZXYVTTDQIN - Unknown owner - C:\Users\Jerry\AppData\Local\Temp\ZXYVTTDQIN.exe (file missing)

--
End of file - 16395 bytes
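A small triage helper, added here as an illustration and not part of the thread or of HijackThis/RSIT themselves: it parses HijackThis-style R/O entries and flags the properties a helper scans for first in a log like the one above. The flag heuristics (file missing, executable under a Temp folder, service with an unknown owner, all-capitals random-looking name, O16 entry with no download source) are this example's own assumptions; the sample lines are constructed in the shape of the poster's log, including the ZXYVTTDQIN service entry it ends with.

```python
"""Triage HijackThis-style log lines (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe (file missing)
O23 - Service: ZXYVTTDQIN - Unknown owner - C:\Users\Jerry\AppData\Local\Temp\ZXYVTTDQIN.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First Windows path ending in an executable-ish extension, quotes optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cab))"?', re.I)
# Heuristic: 8+ uppercase letters and nothing else looks machine-generated.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")


@dataclass
class Finding:
    line_no: int
    kind: str      # entry type, e.g. "O23"
    name: str      # service display name or Run-key value name
    path: str      # executable path, if one was found on the line
    flags: list = field(default_factory=list)


def parse_line(line_no, line):
    """Return a Finding for one HijackThis entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    name, owner, path = "", "", ""
    pm = PATH_RE.search(body)
    if pm:
        path = pm.group("path")
    if kind == "O23":
        # "Service: <display name> - <owner> - <path>"; the display name may
        # itself contain " - " (e.g. "Firebird Server - MAGIX Instance"),
        # so split from the right to keep owner and path intact.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, _ = parts
    elif kind == "O4":
        nm = re.search(r"\[(?P<n>[^\]]+)\]", body)
        name = nm.group("n") if nm else ""
    flags = []
    if "(file missing)" in body:
        flags.append("file missing")           # registered, but binary gone
    if re.search(r"\\temp\\", path, re.I):
        flags.append("runs from temp")         # legitimate services rarely do
    if owner == "Unknown owner":
        flags.append("unknown owner")          # no company name in version info
    if RANDOM_NAME_RE.match(name):
        flags.append("random name")
    if kind == "O16" and body.rstrip().endswith(" -"):
        flags.append("no download source")     # ActiveX entry with empty URL
    return Finding(line_no, kind, name, path, flags)


def triage(log_text):
    """Parse every entry line of a log into Finding objects."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = parse_line(n, line)
        if f:
            findings.append(f)
    return findings


def suspects(log_text, min_flags=1):
    """Entries with at least min_flags flags, most-flagged first."""
    return sorted((f for f in triage(log_text) if len(f.flags) >= min_flags),
                  key=lambda f: -len(f.flags))


if __name__ == "__main__":
    for f in suspects(SAMPLE_LOG):
        print(f"line {f.line_no} {f.kind} {f.name or f.path}: {', '.join(f.flags)}")
```

Run against the sample, the Temp-folder service with a random name, an unknown owner and a missing file collects four flags and sorts to the top; the CopySafe service entry collects two; the ordinary Run entries collect none. The flags only rank entries for a human to look at, which is the stance of the thread itself: a helper reads the whole log before deciding anything.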

katana
2009-04-28, 23:04
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

grv50
2009-05-01, 06:38
Here are the two logs from RSIT as you requested, and again thanks

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jerry at 2009-05-01 00:07:08
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 175 GB (38%) free of 467 GB
Total RAM: 2045 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:34 AM, on 5/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\sttray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\FSScrCtl.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jerry\Desktop\jerry\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jerry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60262
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - C:\PROGRA~1\HITWAR~1\sypcms.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SVIEBHO Class - {B3C54716-9D0A-4666-A81A-6072A6325A5A} - C:\Program Files\SelectView\svie.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2065844290-291699721-3380298128-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Canon IJ Status Monitor Canon MP470 series Printer.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Saver Control.lnk = C:\Windows\FSScrCtl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Forget Me Not.lnk = Broderbund\AG CreataCard\AGRemind.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: SelectView - {16D60F96-2FF6-40b2-96D3-C32170E45A01} - C:\Program Files\SelectView\svie.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/installers/Copysafe.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZXYVTTDQIN - Unknown owner - C:\Users\Jerry\AppData\Local\Temp\ZXYVTTDQIN.exe (file missing)

--
End of file - 16647 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GlaryInitialize.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0549E6CB-9985-42F6-8FD6-4EC017E6AAE1}]
PopThis BHO - C:\Program Files\Surfapps.com\PopThis! Free Version\PopThis.dll [2004-04-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2008-09-12 1187328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{604B283A-4E26-4504-98E7-72859F949547}]
Hitware Popup Killer Lite - C:\PROGRA~1\HITWAR~1\sypcms.dll [2004-02-13 150528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-06-09 2193280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3C54716-9D0A-4666-A81A-6072A6325A5A}]
SVIEBHO Class - C:\Program Files\SelectView\svie.dll [2007-06-06 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
PDF-XChange Viewer IE-Plugin - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll [2008-11-10 1094936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2007-03-16 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-20 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-06-09 2193280]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-01-15 878352]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2008-09-12 1187328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
""= []
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"ECenter"=c:\dell\E-Center\EULALauncher.exe [2007-03-16 17920]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"TrayServer"=C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe [2008-02-07 90112]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-04-20 2053320]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [2008-06-12 266497]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-25 516440]
"AmazonGSDownloaderTray"=C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [2009-04-06 247296]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-20 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"HitwarePKLite"=C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe [2004-02-13 174592]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-15 342848]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-01-30 2542528]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-30 1830128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SansaDispatch"=C:\Users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2009-04-30 79872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe

C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Canon IJ Status Monitor Canon MP470 series Printer.lnk - C:\Windows\system32\rundll32.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Screen Saver Control.lnk - C:\Windows\FSScrCtl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-04-20 335048]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068742a3-eac4-11dd-a0cf-0019d17fe1d5}]
shell\AutoRun\command - O:\LaunchU3.exe -a


======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-01 00:07:08 ----D---- C:\rsit
2009-04-30 18:55:47 ----D---- C:\Users\Jerry\AppData\Roaming\SanDisk
2009-04-30 17:24:11 ----D---- C:\Program Files\Auslogics
2009-04-26 20:05:06 ----D---- C:\Program Files\cdrtfe
2009-04-21 00:00:13 ----A---- C:\Windows\system32\javaws.exe
2009-04-21 00:00:13 ----A---- C:\Windows\system32\javaw.exe
2009-04-21 00:00:13 ----A---- C:\Windows\system32\java.exe
2009-04-21 00:00:13 ----A---- C:\Windows\system32\deploytk.dll
2009-04-18 04:15:27 ----D---- C:\Users\Jerry\AppData\Roaming\OpenOffice.org
2009-04-18 04:11:35 ----D---- C:\Program Files\JRE
2009-04-18 04:11:29 ----D---- C:\Program Files\OpenOffice.org 3
2009-04-17 02:17:41 ----D---- C:\4c705c913133e00c3bdb7c66a5
2009-04-14 16:59:29 ----A---- C:\Windows\system32\winhttp.dll
2009-04-14 16:59:28 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-14 16:59:28 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-14 16:59:23 ----A---- C:\Windows\system32\rpcss.dll
2009-04-14 16:59:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-14 16:59:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-14 16:59:22 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-14 16:59:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-14 16:59:22 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-14 16:59:22 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-14 16:59:22 ----A---- C:\Windows\system32\iashost.exe
2009-04-14 16:59:22 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-14 16:59:22 ----A---- C:\Windows\system32\iasads.dll
2009-04-14 16:59:20 ----A---- C:\Windows\system32\secur32.dll
2009-04-14 16:59:20 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-14 16:59:20 ----A---- C:\Windows\system32\kernel32.dll
2009-04-14 16:59:19 ----A---- C:\Windows\system32\apilogen.dll
2009-04-14 16:59:19 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 16:59:16 ----A---- C:\Windows\system32\mshtml.dll
2009-04-14 16:59:15 ----A---- C:\Windows\system32\ieframe.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\wininet.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\urlmon.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\occache.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-14 16:59:14 ----A---- C:\Windows\system32\iertutil.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-14 16:59:14 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-14 16:59:13 ----A---- C:\Windows\system32\mstime.dll
2009-04-14 16:59:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 16:59:13 ----A---- C:\Windows\system32\ieencode.dll
2009-04-12 19:33:54 ----D---- C:\Users\Jerry\AppData\Roaming\Intuit
2009-04-12 19:32:55 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2009-04-12 19:25:07 ----D---- C:\ProgramData\Intuit
2009-04-12 19:25:07 ----D---- C:\Program Files\Common Files\Intuit
2009-04-12 19:24:45 ----D---- C:\Program Files\TurboTax
2009-04-12 19:21:35 ----D---- C:\ProgramData\Amazon
2009-04-12 19:21:04 ----D---- C:\Program Files\Amazon

======List of files/folders modified in the last 1 months======

2009-05-01 00:06:35 ----D---- C:\Program Files\Crawler
2009-05-01 00:03:36 ----D---- C:\Users\Jerry\AppData\Roaming\DNA
2009-05-01 00:01:45 ----D---- C:\Program Files\SelectView
2009-05-01 00:01:20 ----D---- C:\Windows\Temp
2009-04-30 18:31:38 ----SHD---- C:\System Volume Information
2009-04-30 17:35:37 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-30 17:24:11 ----RD---- C:\Program Files
2009-04-28 13:54:29 ----D---- C:\Users\Jerry\AppData\Roaming\LimeWire
2009-04-28 06:43:43 ----D---- C:\Program Files\a-squared Free
2009-04-26 20:00:11 ----D---- C:\Program Files\cdrfe14
2009-04-26 15:14:32 ----D---- C:\Windows\System32
2009-04-26 15:14:32 ----D---- C:\Windows\inf
2009-04-26 15:14:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-26 02:00:22 ----D---- C:\Program Files\DNA
2009-04-26 01:56:45 ----AD---- C:\Windows
2009-04-26 01:56:38 ----D---- C:\Windows\system32\drivers
2009-04-26 01:56:38 ----D---- C:\Windows\system32\catroot
2009-04-26 01:56:37 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-25 23:08:16 ----SD---- C:\Windows\Downloaded Program Files
2009-04-25 00:00:45 ----D---- C:\Windows\system32\catroot2
2009-04-24 05:38:11 ----SHD---- C:\Windows\Installer
2009-04-24 05:38:04 ----D---- C:\Program Files\Opera
2009-04-22 04:31:43 ----D---- C:\Users\Jerry\AppData\Roaming\SUPERAntiSpyware.com
2009-04-22 04:31:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-22 01:04:05 ----D---- C:\Users\Jerry\AppData\Roaming\ImgBurn
2009-04-20 23:59:13 ----D---- C:\Program Files\Java
2009-04-20 23:48:24 ----D---- C:\Users\Jerry\AppData\Roaming\OnlineArmor
2009-04-20 23:27:51 ----D---- C:\ProgramData\OnlineArmor
2009-04-18 04:13:24 ----RSD---- C:\Windows\assembly
2009-04-18 04:11:53 ----RSD---- C:\Windows\Fonts
2009-04-17 02:42:18 ----D---- C:\Windows\winsxs
2009-04-17 02:29:38 ----D---- C:\Program Files\Windows Mail
2009-04-17 02:29:37 ----D---- C:\Windows\system32\wbem
2009-04-17 02:29:36 ----D---- C:\Windows\system32\manifeststore
2009-04-17 02:29:36 ----D---- C:\Windows\AppPatch
2009-04-17 02:29:35 ----D---- C:\Program Files\Internet Explorer
2009-04-14 13:21:59 ----D---- C:\ProgramData\CanonIJPLM
2009-04-12 23:26:55 ----A---- C:\Windows\TaxACT07.ini
2009-04-12 19:32:55 ----D---- C:\Program Files\Common Files
2009-04-12 19:25:07 ----HD---- C:\ProgramData
2009-04-09 03:14:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-07 18:47:22 ----D---- C:\Program Files\Mozilla Firefox
2009-04-06 10:57:24 ----A---- C:\Windows\system32\mrt.exe
2009-04-05 19:46:34 ----D---- C:\Users\Jerry\AppData\Roaming\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2008-07-17 33408]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-01-29 23976]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2009-04-20 197712]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2009-04-20 31824]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-01-29 103488]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys [2008-05-20 52032]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2007-06-09 5504]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2009-04-20 30800]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-15 47360]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-04 2313216]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 rkhdrv40;Rootkit Unhooker Driver; C:\Windows\system32\drivers\rkhdrv40.sys []
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys [2006-08-06 6977]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-04-28 425080]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-04-25 953168]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 AntiVirMailService;Avira AntiVir Premium MailGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-12-29 164097]
R2 AntiVirScheduler;Avira AntiVir Premium Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Premium Guard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe [2008-10-15 151297]
R2 antivirwebservice;Avira AntiVir Premium WebGuard; C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-04 557056]
R2 AVEService;Avira AntiVir Premium MailGuard helper service; C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\system32\bgsvcgen.exe [2008-07-17 145504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-01-28 13088]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2009-04-20 361160]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [2007-06-29 126976]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-04-20 3259592]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 Amazon Download Agent;Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-04-06 319488]
S2 CSHelper;CopySafe Helper Service; C:\Windows\system32\CSHelper.exe []
S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 ZXYVTTDQIN;ZXYVTTDQIN; C:\Users\Jerry\AppData\Local\Temp\ZXYVTTDQIN.exe []

-----------------EOF-----------------

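An added example, not part of grv50's post and not code from HijackThis or RSIT: the items a helper would look at first in a log like the one above are the O23 service entries (who owns the binary, where it lives, whether the file still exists), the O20 AppInit_DLLs value, the EnableLUA policy and any MountPoints2 AutoRun handler. The script below applies those checks to a few lines copied from the log above so it runs offline. The regex for the O23 line format and the severity rules are my own heuristics, and the "(file missing)" marker is parsed as it appears in the log; none of this is the tools' own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a handful of lines copied from the HijackThis / RSIT output
# in the post above, so the script runs offline. The rules that follow are
# my own triage heuristics, not logic from either tool.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe (file missing)
O23 - Service: ZXYVTTDQIN - Unknown owner - C:\Users\Jerry\AppData\Local\Temp\ZXYVTTDQIN.exe (file missing)
"EnableLUA"=0
shell\AutoRun\command - O:\LaunchU3.exe -a
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


# O23 - Service: <display name> - <owner> - <drive>:\<path> [(file missing)]
# The display name may itself contain " - ", so the path is anchored on the
# drive letter and the name is matched greedily.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# A service binary under a per-user Temp directory is never a normal install.
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = raw.strip()
    m = O23_RE.match(line)
    if m:
        path, missing = m.group("path"), bool(m.group("missing"))
        if USER_TEMP_RE.search(path):
            return Finding("high", line, "service binary registered from a user Temp directory")
        if missing:
            return Finding("medium", line, "service points at a binary that no longer exists (dangling entry)")
        if m.group("owner") == "Unknown owner":
            return Finding("info", line, "no vendor attribution; verify the binary's signature and hash")
        return None
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return Finding("info", line, "AppInit_DLLs injects this DLL into every process that loads user32.dll")
    if line == '"EnableLUA"=0':
        return Finding("medium", line, "UAC is disabled; administrators get a full token with no prompt")
    if line.startswith(r"shell\AutoRun\command"):
        return Finding("info", line, "MountPoints2 AutoRun handler recorded for a removable drive")
    return None


def triage(log_text: str) -> List[Finding]:
    """Triage a whole log; findings come back ordered high -> medium -> info."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the full log.txt instead of SAMPLE_LOG and the first item printed is the ZXYVTTDQIN service: a service with no vendor, registered from the user's Temp folder, whose binary has since vanished. A dangling entry like that is not itself executing anything, which is consistent with scanners reporting a clean system, but it is the kind of leftover a helper would want explained before closing the thread.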
grv50
2009-05-01, 06:39
info.txt logfile of random's system information tool 1.06 2009-05-01 00:07:37

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
3D Fish School Screen Saver 4.2-->"C:\Program Files\3D Fish School 4\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
ACDSee Photo Editor-->MsiExec.exe /I{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AFPL Ghostscript 8.53-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Amazon Games & Software Downloader-->"C:\Program Files\Amazon\Amazon Games & Software Downloader\uninst\unins000.exe"
Amazon MP3 Downloader 1.0.3-->C:\Users\Jerry\Desktop\rosannefinal\Uninstall.exe
American Greetings CreataCard Select 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9770A25C-45A7-478E-AF50-4FDE53EED270}\setup.exe" -l0x9 anything
AnalogX Vocal Remover-->C:\Program Files\Audacity\Plug-Ins\AnalogX\VocalRemover\vremu.exe
Animated Aquaworld Screensaver 1.0-->"C:\Windows\unins001.exe"
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Any Video Converter 2.6.1-->"C:\Program Files\Any Video Converter\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AnyTV 2.11-->"C:\Program Files\FDRLab\AnyTV\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Avi2Dvd 0.4.5 beta-->C:\Program Files\Avi2Dvd\uninst.exe
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS DVDMenu Editor 1.1.1.18-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Converter 5.6-->"C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
AVS Video Editor 3.5-->"C:\Program Files\AVS4YOU\AVSVideoEditor\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bullzip PDF Printer 4.0.0.463-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
BurnOn CD&DVD, Version 3.1.0 ( Build 2007-4-2, Win32, )-->"C:\Program Files\BurnWorld\BurnOnCDDVD\unins000.exe"
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP470 series User Registration-->C:\Program Files\Canon\IJEREG\MP470 series\UNINST.EXE
Canon MP470 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDR Tools Front End v1.4 final-->"C:\Program Files\cdrfe14\uninstall\unins000.exe"
cdrtfe 1.3.4-->"C:\Program Files\cdrtfe\uninst\unins000.exe"
ChessBase 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7135B4D0-B2C1-4866-BAE0-1C8CDD0C7CDC}\Setup.exe"
ChessBase Reader-->"C:\Program Files\ChessBase\Reader\Remove.exe" /U:"C:\Program Files\ChessBase\Reader\Remove.log"
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CodecInstaller 2.5.4-->C:\Program Files\JockerSoft\CodecInstaller\uninst.exe
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
ConvertXtoDVD 3.1.2.34-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
CopySafe Plugin-->C:\PROGRA~1\Copysafe\UNWISE.EXE C:\PROGRA~1\Copysafe\INSTALL.LOG
CopySafe Plugin-->MsiExec.exe /X{A285E15B-62B6-4259-997D-DCD6F34CDA80}
CoreAAC Audio Decoder (remove only)-->"C:\Windows\system32\CoreAAC-uninstall.exe"
Corel Paint Shop Pro Photo XI-->MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Crawler Toolbar-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dark Halloween Night 3D 1.0-->"C:\Windows\unins003.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Digital Video Converter v1.7.0.24-->"C:\Program Files\Digital Video Converter\Uninstall.exe" "C:\Program Files\Digital Video Converter\install.log" -u
DivxToDVD 0.5.2b-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD2SVCD 1.2.3 Build 1-->"C:\Program Files\DVD2SVCD\unins000.exe"
DVDStyler v1.6.2-->"C:\Program Files\DVDStyler\unins000.exe"
EndItAll 2.0-->"C:\Program Files\EndItAll\unins000.exe"
ExtractNow-->"C:\Program Files\ExtractNow\unins000.exe"
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
Free Fire Screensaver-->C:\Program Files\Free Fire Screensaver\uninstall.exe
Fritz9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E11A7A62-FBD9-4575-B874-B482DF213467}\Setup.exe" -l0x9
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Glary Utilities 2.5.3-->"C:\Program Files\Glary Utilities\unins000.exe"
GoldWave v5.25-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.25" "C:\Program Files\GoldWave\unstall.log"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitware Popup Killer Lite-->C:\PROGRA~1\HITWAR~1\UNWISE.EXE C:\PROGRA~1\HITWAR~1\INSTALL.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\HUFFYUV.INF
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) Viiv(TM) Software-->MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LightScribe Diagnostic Utility-->MsiExec.exe /X{F017FE7B-6731-45E7-8229-7AFD9A945CF8}
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Magic Photo Editor 3.9-->"C:\Program Files\Magic Photo Editor\unins000.exe"
MAGIX Movie Edit Pro 14 PLUS Trial 7.5.2.12 (US)-->C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\unwise.exe
MAGIX Screenshare 4.3.6.1987 (US)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
MAGIX Xtreme Photo Designer 6 6.0.24.0 (US)-->C:\Program Files\MAGIX\Xtreme_Photo_Designer_6\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSA20XX Device Manager-->C:\Program Files\InstallShield Installation Information\{9413C04B-F66A-48F6-8276-0D0ACF0E41B7}\setup.exe -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicnotes Player V1.23.2-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Mysterious Forest Screensaver 1.1-->"C:\Windows\unins000.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OneTouch 4.0-->MsiExec.exe /I{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}
Online Armor 3.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
Paint.NET v3.08-->MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
PandoraRecovery (Remove Only)-->"C:\Program Files\Pandora Recovery\Uninstall.exe"
PDF Text Reader-->MsiExec.exe /I{17D95DC6-0FF1-40CF-9C09-B7C8B314D45B}
PDFill PDF Tools (FREE)-->MsiExec.exe /I{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
Performance Dashboard Snappyads-->C:\Windows\system32\rkepkiwuzcilmqry.exe
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Pocket Tanks v1.3-->"C:\Program Files\Pocket Tanks\unins000.exe"
PopThis! Free Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B855BA8-B521-46EB-A1D3-4B17662C717F}\Setup.exe" -l0x9
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Retoucher-->"C:\Program Files\AKVIS\Retoucher\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Retoucher\Uninstall\install.log" -u
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /X{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
ScanSoft PaperPort Viewer 7.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort Viewer\Uninst.isu"
Scrapbooks Plus Workshop-->MsiExec.exe /X{99F0545E-D93D-481D-8088-7F50FD76DE55}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SelectView Filter-->C:\Windows\system32\regsvr32.exe /u /s "C:\Program Files\SelectView\svie.dll"
Serials 2005-->MsiExec.exe /I{A31838F1-8E0D-4CA3-A40A-20825B92F125}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundSoap PE-->MsiExec.exe /I{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Studio 11 Bonus DVD-->C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Ultimate-->C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x0009 -removeonly
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
SUPER © Version 2008.bld.30 (Mar 22, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SureThing CD Labeler 4 SE-->C:\Windows\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
Task Killer (remove only)-->\uninstall.exe
TaxACT 2007-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta07.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
The American Girls Premiere-->C:\Windows\uninst.exe -f"C:\program files\TLC\The American Girls Premiere\DeIsL1.isu"
The Proxomitron Ver. Naoko-4.5-->"C:\Program Files\Proxomitron Naoko-4\unins000.exe"
The Unblock Websites Proxy Program (a freeware Websites Proxy P-->"M:\unblock\UWPP\unins000.exe"
TMPGEnc 4.0 XPress-->MsiExec.exe /I{72511416-7F2E-48F6-8D48-9A7176F44403}
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{4EF35707-7052-4331-B8FD-549DB3922AD7}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Home & Business 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
UltraISO Premium V9.2-->"C:\Program Files\UltraISO\unins000.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VideoReDo/Plus Version 2.5.6.512-->"C:\Program Files\VideoReDoPlus\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wopti Utilities-->"C:\Program Files\Wopti\unins000.exe"
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\Windows\cache\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YoGen Vocal Remover 3.3.6-->MsiExec.exe /I{CCF424F5-12FB-4958-993F-53DA2DFF73C8}
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe

======Hosts File======

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender (disabled)
AS: SUPERAntiSpyware

======System event log======

Computer Name: Jerry-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 189542
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090501033353.000000-000
Event Type: Warning
User:

Computer Name: Jerry-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 189543
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090501033353.000000-000
Event Type: Warning
User:

Computer Name: Jerry-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 189544
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090501033440.000000-000
Event Type: Warning
User:

Computer Name: Jerry-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 189545
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090501033452.000000-000
Event Type: Warning
User:

Computer Name: Jerry-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 189546
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090501033452.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Jerry-PC
Event Code: 1002
Message: The program wmplayer.exe version 11.0.6001.7004 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1f40 Start Time: 01c9c99ad44184e0 Termination Time: 28
Record Number: 26745
Source Name: Application Hang
Time Written: 20090430135728.000000-000
Event Type: Error
User:

Computer Name: Jerry-PC
Event Code: 1002
Message: The program SUPERAntiSpyware.exe version 4.26.0.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1290 Start Time: 01c9c6344913e54f Termination Time: 60000
Record Number: 26755
Source Name: Application Hang
Time Written: 20090430200747.000000-000
Event Type: Error
User:

Computer Name: Jerry-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {db9fbfc2-2889-4106-9a33-1ed7f62cca07}
Record Number: 26756
Source Name: VSS
Time Written: 20090430211358.000000-000
Event Type: Error
User:

Computer Name: Jerry-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {db9fbfc2-2889-4106-9a33-1ed7f62cca07}
Record Number: 26758
Source Name: VSS
Time Written: 20090430211820.000000-000
Event Type: Error
User:

Computer Name: Jerry-PC
Event Code: 1002
Message: The program wmplayer.exe version 11.0.6001.7004 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1da0 Start Time: 01c9c9e200755090 Termination Time: 101
Record Number: 26762
Source Name: Application Hang
Time Written: 20090430222235.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Jerry-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x614bbb8

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 232394
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090330210547.159953-000
Event Type: Audit Success
User:

Computer Name: Jerry-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x6187f60
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: DFTXST11
Source Network Address: 192.168.1.103
Source Port: 4976

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 232395
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090330211747.920953-000
Event Type: Audit Success
User:

Computer Name: Jerry-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x6187f60

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 232396
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090330211748.106953-000
Event Type: Audit Success
User:

Computer Name: Jerry-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x61884ab
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: DFTXST11
Source Network Address: 192.168.1.103
Source Port: 4976

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 232397
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090330211748.255953-000
Event Type: Audit Success
User:

Computer Name: Jerry-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x61884ab

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 232398
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090330211748.397953-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

katana
2009-05-01, 13:04
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields), as they could easily interfere with ComboFix.
Double-click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go here: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane.
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Logs/Information to Post in Reply
Please post the following logs/information in your reply:

Combofix log
Kaspersky Log
How are things running now?

grv50
2009-05-03, 04:08
Here are the logs from ComboFix and Kaspersky.


ComboFix 09-05-02.4 - Jerry 05/01/2009 22:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.951 [GMT -4:00]
Running from: c:\users\Jerry\Desktop\jerry\ComboFix.exe
.
ADS - Windows: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jerry\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-01 21:01 . 2009-05-01 21:01 -------- d-----w c:\users\Jerry\AppData\Roaming\Avira
2009-05-01 20:56 . 2009-05-01 20:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-01 20:55 . 2009-05-01 20:55 -------- d-----w c:\program files\Avira
2009-05-01 04:07 . 2009-05-01 04:07 -------- d-----w C:\rsit
2009-04-30 22:55 . 2009-04-30 22:55 -------- d-----w c:\users\Jerry\AppData\Roaming\SanDisk
2009-04-30 21:24 . 2009-04-30 21:24 -------- d-----w c:\program files\Auslogics
2009-04-30 20:07 . 2009-05-02 02:11 -------- d-----w c:\users\Jerry\AppData\Local\Temp
2009-04-27 00:05 . 2009-04-27 00:05 -------- d-----w c:\program files\cdrtfe
2009-04-26 05:56 . 2009-04-25 19:53 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-21 04:00 . 2009-04-21 03:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:15 . 2009-04-18 08:15 -------- d-----w c:\users\Jerry\AppData\Roaming\OpenOffice.org
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\JRE
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-17 06:17 . 2009-04-17 06:17 -------- d-----w C:\4c705c913133e00c3bdb7c66a5
2009-04-12 23:33 . 2009-04-12 23:33 -------- d-----w c:\users\Jerry\AppData\Roaming\Intuit
2009-04-12 23:32 . 2009-04-12 23:32 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-04-12 23:25 . 2009-04-12 23:29 -------- d-----w c:\programdata\Intuit
2009-04-12 23:25 . 2009-04-12 23:29 -------- d-----w c:\users\All Users\Intuit
2009-04-12 23:25 . 2009-04-12 23:28 -------- d-----w c:\program files\Common Files\Intuit
2009-04-12 23:24 . 2009-04-12 23:24 -------- d-----w c:\program files\TurboTax
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\programdata\Amazon
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\users\All Users\Amazon
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\program files\Amazon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 02:06 . 2008-09-02 01:20 -------- d-----w c:\program files\Crawler
2009-05-02 02:05 . 2008-06-16 12:35 -------- d-----w c:\program files\SelectView
2009-05-01 20:35 . 2008-04-24 07:57 -------- d-----w c:\program files\DNA
2009-05-01 20:34 . 2008-06-20 01:09 312 ----a-w c:\windows\Tasks\GlaryInitialize.job
2009-05-01 20:34 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-30 21:35 . 2008-06-20 02:58 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-30 19:13 . 2007-07-29 04:44 12962 ----a-w c:\users\Jerry\AppData\Roaming\wklnhst.dat
2009-04-28 10:43 . 2008-12-06 09:39 -------- d-----w c:\program files\a-squared Free
2009-04-27 19:54 . 2009-01-31 20:53 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-27 00:00 . 2009-02-14 15:07 -------- d-----w c:\program files\cdrfe14
2009-04-26 02:32 . 2009-04-26 02:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-26 02:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-26 02:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-26 02:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-26 02:28 . 2009-04-26 02:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-04-26 02:23 . 2009-04-26 02:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-26 02:23 . 2009-04-26 02:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-24 09:38 . 2008-11-01 23:22 -------- d-----w c:\program files\Opera
2009-04-22 08:31 . 2008-06-20 02:58 -------- d-----w c:\users\Jerry\AppData\Roaming\SUPERAntiSpyware.com
2009-04-22 08:31 . 2008-05-23 01:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 03:59 . 2007-06-09 17:26 -------- d-----w c:\program files\Java
2009-04-21 03:28 . 2008-12-29 10:07 30800 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-04-21 03:28 . 2008-12-29 10:07 197712 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-04-21 03:28 . 2008-12-29 10:07 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-04-18 08:20 . 2007-06-16 06:10 164392 ----a-w c:\users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 06:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-09 07:14 . 2008-08-09 22:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2008-08-09 22:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-09 22:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 03:09 . 2008-06-14 11:27 -------- d-----w c:\program files\SpywareBlaster
2009-03-28 19:40 . 2008-09-27 23:19 -------- d-----w c:\program files\COMODO
2009-03-17 03:38 . 2009-04-14 20:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 20:59 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:59 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 01:02 . 2008-07-18 22:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-10 05:27 . 2009-02-03 01:21 -------- d-----w c:\program files\Serials 2005
2009-03-07 20:54 . 2008-05-16 15:58 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 15:58 . 2008-12-17 13:43 226704 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-03 04:46 . 2009-04-14 20:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 20:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 20:59 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 20:59 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 20:59 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 20:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 20:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 20:59 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 20:59 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 20:59 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 20:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 20:59 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 20:59 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-14 20:59 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 20:59 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 04:33 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-04 13:45 . 2009-02-04 13:45 6 ----a-w c:\windows\Fonts\wfonts.key
2008-11-07 03:03 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-28 00:24 . 2008-02-28 00:24 2 --shatr c:\windows\winstart.bat
2007-10-21 22:28 . 2007-07-03 08:04 88 --sh--r c:\windows\System32\6CD8A889ED.sys
2007-10-21 22:28 . 2007-07-03 08:04 3764 --sha-w c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2008-05-15 06:23 31232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-05-15 06:23 27648 --sh--w c:\windows\System32\Smab0.dll
2007-06-10 01:11 . 2007-06-10 01:10 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HitwarePKLite"="c:\program files\Hitware Popup Killer Lite\HitwarePKLite.exe" [2004-02-13 174592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-30 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-14 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe" [2008-02-07 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-21 2053320]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-25 516440]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-04-06 247296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-05-01 209153]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon MP470 series Printer.lnk - c:\windows\system32\rundll32.exe [2006-11-2 44544]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2008-2-15 249344]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-9 50688]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-1-29 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-21 335048]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2065844290-291699721-3380298128-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DA0526AB-A575-4175-BECA-ECBD6F1FF7F9}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{66FE9438-FD07-4C98-9FEC-31D3A423DE76}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8C709780-F80C-40D4-9425-411C84F4793C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1B59405D-79DC-4A2B-AB1C-69CBE0B540CC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC4FBB94-DF2D-4699-9703-68F59168E5C1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{2F1BE20F-BE5D-479E-AC8D-8710C4628606}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{226E66CA-A57A-40BA-932A-A08C86CC5C80}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{43AFAA9B-F3D4-4391-B57E-CCEFCB3B2602}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{85018317-058D-4867-93E6-B7EC8C9AE1A4}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C0F705B5-0594-46C9-8B8F-51A365AE3D9D}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{4A320853-1195-4EA9-B0D1-4D7A05F638B4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{6B997C5D-8ED7-4E09-BB14-DF747B8EEBB7}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{036B6906-D059-46D6-BC54-05FE2F3ED390}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2AD9CA5F-EC0A-44C0-917B-D90EBEA6753A}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{F6149169-7DAD-4AFF-ADF2-6C20DBC830E7}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9ECE59DA-65BE-46F8-9797-A49B5BE3988D}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{13ED0B9B-358E-4135-87EC-A9DFC4D08EA5}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{9AC20DE3-A996-4DC8-931B-83B150A9644B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{B4CEFC73-604A-4FEB-88D9-6E52D1AB2614}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{22A51E98-A5C7-405E-8966-8C8BEB1CEA5C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0A9A55A1-05B3-404C-8462-66999DEA2B42}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4F0A4C86-8822-4D06-A1C0-E823308B6542}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0398028D-D6D0-492D-BB96-63486ECF3E62}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{04CE3329-2E98-4C11-8E0A-CB7CC49C2041}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-04-06 319488]
R2 AntiVirUpgradeService;Avira Upgrade Service; [x]
R2 CSHelper;CopySafe Helper Service; [x]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-04-21 3259592]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 ZXYVTTDQIN;ZXYVTTDQIN; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-04-21 197712]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-04-21 31824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-01 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-01 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-01 432897]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-01-29 13088]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2009-04-21 361160]
S2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [2007-06-29 126976]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-06-09 5504]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2009-04-21 30800]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRUPGRADESERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068742a3-eac4-11dd-a0cf-0019d17fe1d5}]
\shell\AutoRun\command - O:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:53]

2009-05-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-06-20 17:22]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Lavasoft Ad-Aware Service


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
IE: {{16D60F96-2FF6-40b2-96D3-C32170E45A01} - {DA45FFEB-CD7D-4220-9B9B-F71967DE2B60} - c:\program files\SelectView\svie.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 22:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe??t???:?a?s?m?????1?"?>? ?????h?e?a?d?>? ? ?? ????????p???0???????/sansa

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,57,ff,e0,f9,90,
c5,86,92,c8,28,51,af,b0,29,a3,98,d7,24,e4,f7,f9,0e,54,88,e2,63,26,f1,3f,c8,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,cf,89,ba,7a,6c,
62,a2,ec,71,3b,04,66,8b,46,0d,96,04,2b,4c,0c,47,65,4b,18,6a,9c,d6,61,af,45,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,40,be,ff,ce,
40,26,cc,25,da,ec,7e,55,20,c9,26,9c,1e,30,76,d4,bd,7b,d0,ff,7c,85,e0,43,d4,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,58,f2,e0,61,62,
25,b4,79,3e,1e,9e,e0,57,5a,93,61,90,01,8a,90,79,1f,96,dd,86,8c,21,01,be,91,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,d2,2b,65,5e,68,
18,1c,5a,cd,44,cd,b9,a6,33,6c,cd,31,50,be,ac,8c,39,fd,a0,f5,1d,4d,73,a8,13,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,dd,05,c5,d8,c3,
ad,3f,e5,b0,18,ed,a7,3f,8d,37,a4,7c,45,1b,2b,2e,b8,14,e3,df,20,58,62,78,6b,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,fb,35,58,cc,
2c,58,51,31,77,e1,ba,b1,f8,68,02,b1,91,5e,22,87,d1,20,ea,fb,a7,78,e6,12,2f,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,96,dd,c1,66,e8,
9d,9b,5e,83,6c,56,8b,a0,85,96,ab,8d,5d,45,e8,4f,8f,d4,df,01,3a,48,fc,e8,04,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,3b,e0,4d,14,15,
be,20,dd,51,fa,6e,91,28,9e,14,cc,7c,7f,dc,5c,56,ff,7a,d2,f6,0f,4e,58,98,5b,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,cb,24,93,62,fd,
1b,21,9c,b1,cd,45,5a,a8,c4,f8,b9,f6,0c,90,a6,cc,7a,cd,2a,3d,ce,ea,26,2d,45,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,95,53,8c,ad,10,
82,bc,4a,e3,0e,66,d5,eb,bc,2f,6b,74,4a,b1,42,24,e1,b5,67,2a,b7,cc,b5,b9,7f,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ba,c8,3e,0b,96,
00,5e,7b,fa,ea,66,7f,d4,3b,6b,70,9f,3f,bf,16,3e,e0,91,32,6c,43,2d,1e,aa,22,\

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-02 22:14
ComboFix-quarantined-files.txt 2009-05-02 02:12

Pre-Run: 186,133,389,312 bytes free
Post-Run: 186,143,715,328 bytes free

428 --- E O F --- 2009-04-17 06:17


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 02, 2009 23:26:34
Records in database: 2121425
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Files scanned: 220057
Threat name: 7
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 04:33:09


File name / Threat name / Threats count
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Users\Jerry\Desktop\jerry\UBCD4WinV312.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Users\Jerry\Documents\LimeWire\Saved\bumblebee tuna - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.

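An added example, not part of the thread and not ComboFix's own code, that automates the first pass a responder makes by eye over the Reg Loading Points section of the log above. It parses the Run-key entries and the numeric policy values, flags autoruns that live under a user profile or are registered as a bare file name (resolved by path search at logon), and flags the settings in this log that weaken the machine's defences: EnableLUA=0 (UAC off), EnableFirewall=0 on the firewall profiles, and a populated AppInit_DLLs value. The sample text is a constructed subset of the real log lines; the line shapes the regular expressions expect and the list of "user-writable" path fragments are this example's own assumptions, not something ComboFix documents.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log above: a subset of its real entries, not the whole section.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SansaDispatch"="c:\users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-30 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-05-01 209153]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# Line shapes seen in this section (assumed from the log, not a documented spec):
#   [hive\key]                                   -> start of a new key
#   "name"="image" [YYYY-MM-DD size]             -> Run-key autorun
#   "name"= 0 (0x0)   or   "name"=dword:00000001 -> numeric policy value
#   "AppInit_DLLs"=path                          -> DLL loaded into every user32 process
KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)".*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:(?P<dec>\d+)\s*\(0x[0-9a-f]+\)|dword:(?P<hex>[0-9a-f]{8}))$', re.I)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$', re.I)

# Path fragments a standard user can write to; an autorun living there deserves
# a second look (assumed list for this example).
USER_WRITABLE = ('\\users\\', '\\documents and settings\\', '\\appdata\\', '\\temp\\')


def parse_loading_points(text):
    """Return one dict per recognised registry value, tagged with its key and kind."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:
            continue
        m = RUN_RE.match(line)
        if m and key.lower().endswith('\\run'):
            entries.append({'key': key, 'kind': 'autorun', 'name': m.group('name'),
                            'image': m.group('image'), 'size': int(m.group('size'))})
            continue
        m = VALUE_RE.match(line)
        if m:
            value = int(m.group('dec')) if m.group('dec') is not None else int(m.group('hex'), 16)
            entries.append({'key': key, 'kind': 'dword', 'name': m.group('name'), 'value': value})
            continue
        m = APPINIT_RE.match(line)
        if m:
            entries.append({'key': key, 'kind': 'appinit', 'name': 'AppInit_DLLs',
                            'dlls': m.group('dlls').strip()})
    return entries


def triage(entries):
    """Return (finding-kind, subject, detail) tuples for the entries worth a look."""
    findings = []
    for e in entries:
        if e['kind'] == 'autorun':
            image = e['image'].lower()
            if any(token in image for token in USER_WRITABLE):
                findings.append(('autorun-user-path', e['name'], e['image']))
            elif '\\' not in image:
                # Bare file name: resolved by path search at logon, so a same-named
                # file earlier in the search order would run instead.
                findings.append(('autorun-bare-name', e['name'], e['image']))
        elif e['kind'] == 'dword':
            if e['name'] == 'EnableLUA' and e['value'] == 0:
                findings.append(('uac-disabled', e['key'], '0'))
            elif e['name'] == 'EnableFirewall' and e['value'] == 0:
                profile = e['key'].rsplit('\\', 1)[-1]
                findings.append(('firewall-disabled', profile, '0'))
        elif e['kind'] == 'appinit':
            # AppInit_DLLs is a classic injection point; here it points into the
            # Google program folder, but the entry still deserves confirmation.
            findings.append(('appinit-dll', e['key'], e['dlls']))
    return findings


def triage_log(text):
    return triage(parse_loading_points(text))


if __name__ == '__main__':
    for kind, subject, detail in triage_log(COMBOFIX_SAMPLE):
        print(f'{kind:20} {subject}: {detail}')
```

On the sample the script reports the SansaDispatch autorun under the user profile, the bare "sttray.exe" name, UAC off, the AppInit_DLLs entry and the firewall being off on both profiles, and stays silent on the entries under c:\program files. The bare-name and user-path checks are heuristics; they tell you where to look, not that something is malicious.
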
katana
2009-05-03, 09:33
C:\Users\Jerry\Documents\LimeWire\Saved\bumblebee tuna - greatest hits.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
Now you know why we don't like P2P.

How are things running now?

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Folder::
c:\program files\DNA
c:\program files\LimeWire
c:\program files\BitTorrent
C:\Users\Jerry\Documents\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
"BitTorrent DNA"=-
"SUPERAntiSpyware"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-
"ISUSPM Startup"=-
"Adobe Reader Speed Launcher"=-
"Ad-Watch"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0398028D-D6D0-492D-BB96-63486ECF3E62}"=-
"{04CE3329-2E98-4C11-8E0A-CB7CC49C2041}"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Reglock::
[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
Driver::
ZXYVTTDQIN
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

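Before a CFScript like the one above gets written, the helper reads the ComboFix log for a handful of things: policies that switch a protection off (EnableLUA, EnableFirewall), DLLs injected through AppInit_DLLs, removable-media AutoRun handlers under mountpoints2, services whose binary is gone or whose name is a random run of capitals (the ZXYVTTDQIN driver this script removes is the classic shape), and browser search redirects such as the crawler.com keyword.URL. That reading is mechanical enough to script. The Python below is an added example and is not part of this thread, of ComboFix or of any vendor tool; SAMPLE_LOG is an excerpt of the log lines posted in this thread, the severity scale and the Finding type are the example's own choices, and the regular expressions assume the line layouts this ComboFix build prints (service lines as `Rn name;display;path`, removed entries as `-------\Legacy_NAME`).

```python
# ComboFix log triage: flag weak settings and suspicious loading points.
# Added example, not part of the thread or of ComboFix; SAMPLE_LOG is an
# excerpt of the log posted in this thread.
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info" (this example's own scale)
    key: str       # registry value, service or artifact the finding is about
    detail: str


# Registry values that switch a protection OFF when set to 0.
DISABLED_WHEN_ZERO = {
    "enablelua": "User Account Control is disabled",
    "enablefirewall": "Windows Firewall is disabled for this profile",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Service lines: "<start type> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# "-------\Legacy_X" / "-------\Service_X": entries ComboFix removed
REMOVED_RE = re.compile(r"^-+\\(Legacy|Service)_(\S+)$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
# Droppers often register drivers under a random run of capital letters.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")


def _is_zero(value: str) -> bool:
    """True for the '0 (0x0)' and 'dword:00000000' spellings ComboFix prints."""
    parts = value.split()
    return bool(parts) and parts[0].lower() in ("0", "dword:00000000")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        leaf = section.rsplit("\\", 1)[-1]  # last key component, for messages
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := VALUE_RE.match(line):
            name, value = m.group(1), m.group(2).strip()
            msg = DISABLED_WHEN_ZERO.get(name.lower())
            if msg and _is_zero(value):
                findings.append(Finding("high", name, f"{msg} ({leaf})"))
            elif name.lower() == "appinit_dlls" and value:
                findings.append(Finding("medium", name,
                    f"AppInit_DLLs injects {value} into every process that loads user32.dll"))
        elif m := SERVICE_RE.match(line):
            start, name, _display, path = m.groups()
            path = path.strip()
            if path == "[x]":
                findings.append(Finding("low", name,
                    f"service {name} ({start}) is registered but its binary is missing"))
            elif RANDOM_NAME_RE.match(name):
                findings.append(Finding("high", name,
                    f"random-looking service name {name} loads {path}"))
        elif m := REMOVED_RE.match(line):
            kind, name = m.groups()
            if RANDOM_NAME_RE.match(name):
                findings.append(Finding("high", name,
                    f"ComboFix removed {kind} entry {name}: random-looking name, typical of a rootkit dropper"))
            else:
                findings.append(Finding("info", name, f"ComboFix removed {kind} entry {name}"))
        elif m := AUTORUN_RE.match(line):
            findings.append(Finding("medium", "AutoRun",
                f"removable-media AutoRun command under {leaf}: {m.group(1)}"))
        elif (m := FF_PREF_RE.match(line)) and m.group(1) == "keyword.URL":
            findings.append(Finding("medium", "keyword.URL",
                f"Firefox address-bar searches are redirected to {m.group(2)}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Excerpt of the ComboFix log posted in this thread (not a full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-04-21 3259592]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068742a3-eac4-11dd-a0cf-0019d17fe1d5}]
\shell\AutoRun\command - O:\LaunchU3.exe -a

-------\Legacy_ZXYVTTDQIN
-------\Service_ZXYVTTDQIN

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66016&qkw=
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.key}: {f.detail}")
```

Two caveats when reading its output against a real log. EnableFirewall = 0 on all three profiles is flagged high, but the same log lists Online Armor (oasrv.exe) as a running service, and a third-party firewall is a legitimate reason for the Windows one to be off, so confirm which firewall is actually active before calling it a gap. Likewise a "[x]" service (binary missing) is usually a leftover from an uninstalled tool, as rkhdrv40 is here, rather than malware; it is reported low so the helper can clean it up rather than chase it.
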
grv50
2009-05-04, 05:27
ComboFix 09-05-03.1 - Jerry 05/03/2009 23:06.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1165 [GMT -4:00]
Running from: c:\users\Jerry\Desktop\jerry\ComboFix.exe
Command switches used :: c:\users\Jerry\Desktop\jerry\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.14.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\users\Jerry\Documents\LimeWire
c:\users\Jerry\Documents\LimeWire\Incomplete\ESQAMVBWPLIWCQ5VMPJFHDSGEFMCNUVC\.datDeep Throat 1972 VHS ripp XVID D-L33T3
c:\users\Jerry\Documents\LimeWire\Incomplete\ESQAMVBWPLIWCQ5VMPJFHDSGEFMCNUVC\Deep Throat 1972 VHS ripp XVID D-L33T3\Deep Throat 1972 VHS Ripp XVID D-L33T3.avi
c:\users\Jerry\Documents\LimeWire\Incomplete\ESQAMVBWPLIWCQ5VMPJFHDSGEFMCNUVC\Deep Throat 1972 VHS ripp XVID D-L33T3\Readme.txt
c:\users\Jerry\Documents\LimeWire\Incomplete\ESQAMVBWPLIWCQ5VMPJFHDSGEFMCNUVC\Deep Throat 1972 VHS ripp XVID D-L33T3\UKB_kvcd.nfo
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\.datAlex_Jones
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\TorrentChannel.nfo
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VIDEO_TS.BUP
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VIDEO_TS.IFO
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VIDEO_TS.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_0.BUP
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_0.IFO
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_1.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_2.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_3.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_4.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\MQL4QIN5BROUUHDS65OAAKMCDC6IGMWE\Alex_Jones\Terrorstorm_-_2006_-_DVD\VIDEO_TS\VTS_01_5.VOB
c:\users\Jerry\Documents\LimeWire\Incomplete\T-120531-Point At Dawg Iceberg.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-1395401-TRACK 2 - LIL WAYNE - THIS WHAT I DOSE ( WORLD PREMIRE ).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-182112260-Birdman ft. Lil wayne - I run this.mpg
c:\users\Jerry\Documents\LimeWire\Incomplete\T-2694251-Stacie Orrico - Stuck .MP3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-2823118-Nelly - Here Comes The Boom.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-2984784-Reckless Abandon.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3085931-Harry James - You Made Me Love You.MP3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3292075-feed birds.wma
c:\users\Jerry\Documents\LimeWire\Incomplete\T-344064-vogone KEYGEN.exe
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3584494-Yaz - Situation.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3588258-One Republic - Stop & Stare.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3600319-Issac Hayes - Cafe Regio's.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3607822-Jamiroqui- Virtual Insanity.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3682359-Archie - We Ready.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3710780-Radio Head - Nice Dreams.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-3897203-linda arnold [new album].au
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4117025-the farm - all together now.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4121633-The Farm - All Together Now.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4323832-the Chi-Lites - I Wanna Pay You Back.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4393565-Chris Cornell - Scream(1)(1).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4397260-Chris Cornell -Scream.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4401488-Chris Cornell - Scream(1).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4443072-Drake - Im Still Fly Ft Page .mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4456001-Everytime I Look For You.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4620583-Anouk - Everything (acoustic).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4882319-steps - Stomp.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-4888368-Crossfade - The Deep End.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5003725-03. Mr.Big - Wild World.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5167867-Metallica - Sad But True.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5210988-Bubba Sparxxx - Back in the mudd (Travis Barker Remix).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5584983-Gorilla Zoe- So Fly.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5663301-Hoobastank - The Reason.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5674179-Nelly- Here Comes the BOOM (The Longest Yard).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5724504-Akon Ft T-Pain-Holla Holla.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-5768844-07-Akon-Holla Holla Ft. T-Pain.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-6558585-Wicker Park Soundtrack - 1. Stereophonics - Maybe Tomorrow.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-6780054-Skillet - Say Goodbye.mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-8109012-Soul ll Soul - Keep on Moving .mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-8477593-Chris Botti - Someone To Watch Over Me(1).mp3
c:\users\Jerry\Documents\LimeWire\Incomplete\T-8897232-Metallica - The Day That Neverc Comes.mp3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZXYVTTDQIN
-------\Service_ZXYVTTDQIN


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-01 21:01 . 2009-05-01 21:01 -------- d-----w c:\users\Jerry\AppData\Roaming\Avira
2009-05-01 20:56 . 2009-05-01 20:51 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-01 20:55 . 2009-05-01 20:55 -------- d-----w c:\program files\Avira
2009-05-01 04:07 . 2009-05-01 04:07 -------- d-----w C:\rsit
2009-04-30 22:55 . 2009-04-30 22:55 -------- d-----w c:\users\Jerry\AppData\Roaming\SanDisk
2009-04-30 21:24 . 2009-04-30 21:24 -------- d-----w c:\program files\Auslogics
2009-04-30 20:07 . 2009-05-04 03:12 -------- d-----w c:\users\Jerry\AppData\Local\Temp
2009-04-27 00:05 . 2009-04-27 00:05 -------- d-----w c:\program files\cdrtfe
2009-04-26 05:56 . 2009-04-25 19:53 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-21 04:00 . 2009-04-21 03:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-18 08:15 . 2009-04-18 08:15 -------- d-----w c:\users\Jerry\AppData\Roaming\OpenOffice.org
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\JRE
2009-04-18 08:11 . 2009-04-18 08:11 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-17 06:17 . 2009-04-17 06:17 -------- d-----w C:\4c705c913133e00c3bdb7c66a5
2009-04-12 23:33 . 2009-04-12 23:33 -------- d-----w c:\users\Jerry\AppData\Roaming\Intuit
2009-04-12 23:32 . 2009-04-12 23:32 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-04-12 23:25 . 2009-04-12 23:29 -------- d-----w c:\programdata\Intuit
2009-04-12 23:25 . 2009-04-12 23:29 -------- d-----w c:\users\All Users\Intuit
2009-04-12 23:25 . 2009-04-12 23:28 -------- d-----w c:\program files\Common Files\Intuit
2009-04-12 23:24 . 2009-04-12 23:24 -------- d-----w c:\program files\TurboTax
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\programdata\Amazon
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\users\All Users\Amazon
2009-04-12 23:21 . 2009-04-12 23:21 -------- d-----w c:\program files\Amazon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 03:04 . 2008-09-02 01:20 -------- d-----w c:\program files\Crawler
2009-05-04 03:04 . 2008-06-16 12:35 -------- d-----w c:\program files\SelectView
2009-05-04 02:53 . 2008-06-20 01:09 312 ----a-w c:\windows\Tasks\GlaryInitialize.job
2009-05-04 02:51 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 23:38 . 2008-12-06 09:39 -------- d-----w c:\program files\a-squared Free
2009-05-02 19:53 . 2009-01-31 20:53 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-05-02 06:44 . 2007-07-29 04:44 12962 ----a-w c:\users\Jerry\AppData\Roaming\wklnhst.dat
2009-04-30 21:35 . 2008-06-20 02:58 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 00:00 . 2009-02-14 15:07 -------- d-----w c:\program files\cdrfe14
2009-04-26 02:32 . 2009-04-26 02:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-04-26 02:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-26 02:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-26 02:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-26 02:28 . 2009-04-26 02:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-04-26 02:23 . 2009-04-26 02:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-04-26 02:23 . 2009-04-26 02:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-04-24 09:38 . 2008-11-01 23:22 -------- d-----w c:\program files\Opera
2009-04-22 08:31 . 2008-06-20 02:58 -------- d-----w c:\users\Jerry\AppData\Roaming\SUPERAntiSpyware.com
2009-04-22 08:31 . 2008-05-23 01:40 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-21 03:59 . 2007-06-09 17:26 -------- d-----w c:\program files\Java
2009-04-21 03:28 . 2008-12-29 10:07 30800 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-04-21 03:28 . 2008-12-29 10:07 197712 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-04-21 03:28 . 2008-12-29 10:07 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-04-18 08:20 . 2007-06-16 06:10 164392 ----a-w c:\users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 06:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-09 07:14 . 2008-08-09 22:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:32 . 2008-08-09 22:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-09 22:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 03:09 . 2008-06-14 11:27 -------- d-----w c:\program files\SpywareBlaster
2009-03-28 19:40 . 2008-09-27 23:19 -------- d-----w c:\program files\COMODO
2009-03-17 03:38 . 2009-04-14 20:59 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 20:59 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:59 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 01:02 . 2008-07-18 22:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-10 05:27 . 2009-02-03 01:21 -------- d-----w c:\program files\Serials 2005
2009-03-07 20:54 . 2008-05-16 15:58 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 15:58 . 2008-12-17 13:43 226704 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-03 04:46 . 2009-04-14 20:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 20:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 20:59 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 20:59 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 20:59 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 20:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 20:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 20:59 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 20:59 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 20:59 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 20:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 20:59 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 20:59 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-14 20:59 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 20:59 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 04:33 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-04 13:45 . 2009-02-04 13:45 6 ----a-w c:\windows\Fonts\wfonts.key
2008-11-07 03:03 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-02-28 00:24 . 2008-02-28 00:24 2 --shatr c:\windows\winstart.bat
2007-10-21 22:28 . 2007-07-03 08:04 88 --sh--r c:\windows\System32\6CD8A889ED.sys
2007-10-21 22:28 . 2007-07-03 08:04 3764 --sha-w c:\windows\System32\KGyGaAvL.sys
2007-02-21 11:47 . 2008-05-15 06:23 31232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-05-15 06:23 27648 --sh--w c:\windows\System32\Smab0.dll
2007-06-10 01:11 . 2007-06-10 01:10 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-02_02.11.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-16 05:00 . 2009-05-02 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-16 05:00 . 2009-05-04 02:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-06-16 05:00 . 2009-05-02 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-16 05:00 . 2009-05-04 02:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-16 05:00 . 2009-05-02 01:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-16 05:00 . 2009-05-04 02:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-01 20:34 . 2009-05-01 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-04 02:51 . 2009-05-04 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-01 20:34 . 2009-05-01 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-04 02:51 . 2009-05-04 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-04 02:57 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-01 20:39 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-01 20:39 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-04 02:57 101144 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"HitwarePKLite"="c:\program files\Hitware Popup Killer Lite\HitwarePKLite.exe" [2004-02-13 174592]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\Jerry\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-30 79872]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-08 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-14 29744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe" [2008-02-07 90112]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-21 2053320]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-04-06 247296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-05-01 209153]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2008-2-15 249344]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-9 50688]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\AGRemind.exe [2008-1-29 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-21 335048]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2065844290-291699721-3380298128-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DA0526AB-A575-4175-BECA-ECBD6F1FF7F9}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{66FE9438-FD07-4C98-9FEC-31D3A423DE76}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8C709780-F80C-40D4-9425-411C84F4793C}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1B59405D-79DC-4A2B-AB1C-69CBE0B540CC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{FC4FBB94-DF2D-4699-9703-68F59168E5C1}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{2F1BE20F-BE5D-479E-AC8D-8710C4628606}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{226E66CA-A57A-40BA-932A-A08C86CC5C80}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{43AFAA9B-F3D4-4391-B57E-CCEFCB3B2602}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{85018317-058D-4867-93E6-B7EC8C9AE1A4}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{C0F705B5-0594-46C9-8B8F-51A365AE3D9D}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{4A320853-1195-4EA9-B0D1-4D7A05F638B4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{6B997C5D-8ED7-4E09-BB14-DF747B8EEBB7}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{036B6906-D059-46D6-BC54-05FE2F3ED390}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{2AD9CA5F-EC0A-44C0-917B-D90EBEA6753A}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{F6149169-7DAD-4AFF-ADF2-6C20DBC830E7}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9ECE59DA-65BE-46F8-9797-A49B5BE3988D}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{13ED0B9B-358E-4135-87EC-A9DFC4D08EA5}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{9AC20DE3-A996-4DC8-931B-83B150A9644B}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{B4CEFC73-604A-4FEB-88D9-6E52D1AB2614}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{22A51E98-A5C7-405E-8966-8C8BEB1CEA5C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0A9A55A1-05B3-404C-8462-66999DEA2B42}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4F0A4C86-8822-4D06-A1C0-E823308B6542}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AntiVirUpgradeService;Avira Upgrade Service; [x]
R2 CSHelper;CopySafe Helper Service; [x]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-04-21 3259592]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-14 29744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-04-21 197712]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-04-21 31824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-04-06 319488]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-01 194817]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-01 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-01 432897]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-01-29 13088]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2009-04-21 361160]
S2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [2007-06-29 126976]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-06-09 5504]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2009-04-21 30800]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068742a3-eac4-11dd-a0cf-0019d17fe1d5}]
\shell\AutoRun\command - O:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:53]

2009-05-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-06-20 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
IE: {{16D60F96-2FF6-40b2-96D3-C32170E45A01} - {DA45FFEB-CD7D-4220-9B9B-F71967DE2B60} - c:\program files\SelectView\svie.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
FF - ProfilePath - c:\users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\nh3imumf.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66016&qkw=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 23:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,57,ff,e0,f9,90,
c5,86,92,c8,28,51,af,b0,29,a3,98,d7,24,e4,f7,f9,0e,54,88,e2,63,26,f1,3f,c8,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,cf,89,ba,7a,6c,
62,a2,ec,71,3b,04,66,8b,46,0d,96,04,2b,4c,0c,47,65,4b,18,6a,9c,d6,61,af,45,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,40,be,ff,ce,
40,26,cc,25,da,ec,7e,55,20,c9,26,9c,1e,30,76,d4,bd,7b,d0,ff,7c,85,e0,43,d4,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,58,f2,e0,61,62,
25,b4,79,3e,1e,9e,e0,57,5a,93,61,90,01,8a,90,79,1f,96,dd,86,8c,21,01,be,91,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,d2,2b,65,5e,68,
18,1c,5a,cd,44,cd,b9,a6,33,6c,cd,31,50,be,ac,8c,39,fd,a0,f5,1d,4d,73,a8,13,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,dd,05,c5,d8,c3,
ad,3f,e5,b0,18,ed,a7,3f,8d,37,a4,7c,45,1b,2b,2e,b8,14,e3,df,20,58,62,78,6b,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,fb,35,58,cc,
2c,58,51,31,77,e1,ba,b1,f8,68,02,b1,91,5e,22,87,d1,20,ea,fb,a7,78,e6,12,2f,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,96,dd,c1,66,e8,
9d,9b,5e,83,6c,56,8b,a0,85,96,ab,8d,5d,45,e8,4f,8f,d4,df,01,3a,48,fc,e8,04,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,3b,e0,4d,14,15,
be,20,dd,51,fa,6e,91,28,9e,14,cc,7c,7f,dc,5c,56,ff,7a,d2,f6,0f,4e,58,98,5b,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,cb,24,93,62,fd,
1b,21,9c,b1,cd,45,5a,a8,c4,f8,b9,f6,0c,90,a6,cc,7a,cd,2a,3d,ce,ea,26,2d,45,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,95,53,8c,ad,10,
82,bc,4a,e3,0e,66,d5,eb,bc,2f,6b,74,4a,b1,42,24,e1,b5,67,2a,b7,cc,b5,b9,7f,\

[HKEY_USERS\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ba,c8,3e,0b,96,
00,5e,7b,fa,ea,66,7f,d4,3b,6b,70,9f,3f,bf,16,3e,e0,91,32,6c,43,2d,1e,aa,22,\

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2824)
c:\windows\system32\ieframe.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
Completion time: 2009-05-04 23:16
ComboFix-quarantined-files.txt 2009-05-04 03:15
ComboFix2.txt 2009-05-02 02:14

Pre-Run: 184,336,465,920 bytes free
Post-Run: 184,309,428,224 bytes free

573 --- E O F --- 2009-04-17 06:17
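The log above lists every driver and service with a ComboFix state/start code (`R`/`S` for running/stopped, then 0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and, further down, a MountPoints2 AutoRun command tied to a removable-drive volume GUID. When triaging a log like this by hand it helps to pull those entries into a structure and sort them by what loads earliest and from where. The following is an added example, not code from the original poster, from ComboFix or from Safer-Networking; it assumes only the two line shapes visible in the log (`S0 name;display;path [date size]` and a `\shell\AutoRun\command - ...` line under a `mountpoints2\{guid}` key). The sample lines are a constructed excerpt copied from the log above. The filter functions are triage views, not verdicts: a driver under Program Files is unusual for a first-party driver but normal for third-party security tools, and an AutoRun entry on a removable volume is worth a look simply because that mechanism is how USB-borne malware spreads, not because the command shown is known to be bad.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines in the shape of the ComboFix log above
# (Drivers/Services listing plus one MountPoints2 AutoRun entry).
SAMPLE_LOG = r"""
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-25 64160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-04-06 319488]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2009-04-21 30800]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2009-04-21 361160]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{068742a3-eac4-11dd-a0cf-0019d17fe1d5}]
\shell\AutoRun\command - O:\LaunchU3.exe -a
"""

# ComboFix start-type digit -> Windows service start type (assumed mapping).
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "S0 Lbd;Lbd;c:\...\Lbd.sys [2009-04-25 64160]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)
# "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]" followed by
# "\shell\AutoRun\command - <command line>"
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(
    r"^\\shell\\AutoRun\\command\s+-\s+(?P<command>.+)$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class AutoRunEntry:
    volume_guid: str
    command: str


def parse_services(log: str) -> List[ServiceEntry]:
    """Extract every driver/service line from a ComboFix log."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                running=m["state"] == "R",
                start_type=START_TYPE[int(m["start"])],
                name=m["name"], display=m["display"], path=m["path"],
                date=m["date"], size=int(m["size"])))
    return entries


def parse_autorun(log: str) -> List[AutoRunEntry]:
    """Pair each MountPoints2 volume key with the AutoRun command listed under it."""
    entries = []
    current: Optional[str] = None
    for line in log.splitlines():
        line = line.strip()
        mp = MOUNTPOINT_RE.match(line)
        if mp:
            current = mp["guid"]
            continue
        ar = AUTORUN_RE.match(line)
        if ar and current:
            entries.append(AutoRunEntry(volume_guid=current, command=ar["command"]))
        elif line.startswith("["):
            current = None          # a different key begins; stop attributing to the volume
    return entries


def early_start_drivers(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Boot- and system-start entries load before user-mode security tools; review these first."""
    return [e for e in entries if e.start_type in ("boot", "system")]


def drivers_outside_system_dirs(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Kernel drivers (.sys) not under \\windows\\system32: unusual for first-party drivers."""
    return [e for e in entries
            if e.path.lower().endswith(".sys")
            and "\\windows\\system32\\" not in e.path.lower()]


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    for e in early_start_drivers(services):
        print(f"early-start {e.start_type:6} {e.name:12} {e.path}")
    for e in drivers_outside_system_dirs(services):
        print(f"non-system32 driver   {e.name:12} {e.path}")
    for a in parse_autorun(SAMPLE_LOG):
        print(f"removable-volume AutoRun {a.volume_guid}: {a.command}")
```

Run it against a full ComboFix log by reading the file into `parse_services` and `parse_autorun` instead of `SAMPLE_LOG`; the regexes ignore every line that does not match the two shapes, so the locked-registry-key and DLL sections pass through harmlessly.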

katana
2009-05-04, 10:51
How are things running now ?

katana
2009-05-18, 12:42
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.