Windows Update dialog freezes (Resolved)



jcb4414
2009-05-15, 16:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:08 AM, on 5/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c91a5fe5942e82) (gupdate1c91a5fe5942e82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12549 bytes
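
The log above is the raw material an analyst reads by hand. As an added example (not part of this thread, and not a tool the helpers here use), the script below runs the first-pass checks a HijackThis reader applies over a handful of lines copied from the log: entries marked "(file missing)", O23 services with "Unknown owner", O4 autoruns whose target is not an absolute drive path (a bare `sttray.exe` or a `%windir%`-relative path is resolved at logon and can be shadowed), startup shortcuts HijackThis could not resolve ("?"), O16 ActiveX downloads, and the `C:\Program.exe (file missing)` pattern, which is how HijackThis renders a service whose unquoted ImagePath contains spaces. The reason strings, regexes and the `Finding` type are this example's own assumptions; the sample lines are the ones from the posted log.

```python
import re
from dataclasses import dataclass

# Sample input: a handful of entries copied from the HijackThis log posted above
# (one representative line per case; everything else in the log is omitted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""

# Reason strings are this example's own wording, not HijackThis output.
REASON_MISSING = "target file missing: orphaned entry, or a binary the scan could not see"
REASON_UNKNOWN_OWNER = "service owner unknown: binary carries no publisher/company string"
REASON_UNQUOTED = "service path truncated at first space: HijackThis rendering of an unquoted ImagePath (confirm with: sc qc <name>)"
REASON_RELATIVE = "autorun target is not an absolute drive path: resolved via PATH/%var% at logon, a planting opportunity"
REASON_UNRESOLVED = "startup shortcut target could not be resolved (shown as '?')"
REASON_DPF = "ActiveX control installed from a URL: verify the publisher before trusting it"

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# A .exe sitting directly in the drive root with no further path components.
DRIVE_ROOT_EXE_RE = re.compile(r"[A-Za-z]:\\[^\\ ]+\.exe", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _o4_target(body):
    # Two O4 layouts: "HKLM\..\Run: [name] path" and "Global Startup: name.lnk = path"
    if "] " in body:
        return body.split("] ", 1)[1].strip()
    if " = " in body:
        return body.split(" = ", 1)[1].strip()
    return ""


def triage_line(line):
    """Return the findings for one HijackThis entry (empty list if it looks benign)."""
    findings = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return findings
    section, body = m.groups()

    def add(reason):
        findings.append(Finding(section, reason, line.strip()))

    if "(file missing)" in body:
        add(REASON_MISSING)
    if section == "O23":
        if "Unknown owner" in body:
            add(REASON_UNKNOWN_OWNER)
        path = body.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
        # A missing .exe directly under the drive root (C:\Program.exe) is how HJT
        # displays a service whose unquoted ImagePath contains spaces.
        if "(file missing)" in body and DRIVE_ROOT_EXE_RE.fullmatch(path):
            add(REASON_UNQUOTED)
    elif section == "O4":
        target = _o4_target(body)
        if target == "?":
            add(REASON_UNRESOLVED)
        elif target and not ABS_PATH_RE.match(target.strip('"')):
            add(REASON_RELATIVE)
    elif section == "O16":
        add(REASON_DPF)
    return findings


def triage_text(text):
    """Triage every line of a HijackThis log; findings come back in log order."""
    return [f for line in text.strip().splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

These are heuristics for deciding what to look at next, not verdicts: a "file missing" entry is usually a leftover from an uninstall (the Symantec service here sits beside a ZoneAlarm suite), and the `C:\Program.exe` line should be confirmed on the machine with `sc qc MySQL` before anything is changed, since HijackThis reports the truncated path rather than the real ImagePath.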

katana
2009-05-18, 12:58
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

jcb4414
2009-05-18, 13:32
info.txt logfile of random's system information tool 1.06 2009-05-18 07:21:56

======Uninstall list======

-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
2x1/4x1 USB Peripheral Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3752427-9AAA-4B1C-B428-01723E0E9FFA}\SETUP.EXE"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis*True*Image*Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced System Protector-->"C:\Program Files\Systweak\Advanced System Protector\unins000.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apache HTTP Server 2.2.11-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Rootkit Free-->C:\Program Files\AVG Anti-Rootkit Free\Uninstall.exe
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Bit9 FileAdvisor-->MsiExec.exe /I{B9AFA7E8-06AA-49FA-A04A-B6DAF6574BFE}
ButtonGadget2-->"C:\Program Files\ButtonGadget2\unins000.exe"
C24_USB_Driver_2.0.2.9_for_XP_Vista32-->MsiExec.exe /I{F1D4C949-0D3E-46F1-BB40-839EFBC25B77}
C3400 UserGuide-->C:\Windows\IsUninst.exe -f"C:\Program Files\OKIDATA\C3400 Userguide\Uninst.isu"
C3400n from OKI® Printing Solutions GDI Driver Version 2.0.0 for Windows Vista-->C:\Program Files\InstallShield Installation Information\{47A54B4B-A4E6-4738-ADE8-75831FFBA0D2}\setup.exe -runfromtemp -l0x0009 -removeonly
CoffeeCup Web Form Builder - Registered-->C:\PROGRA~1\CoffeeCup Software\CoffeeCup Web Form Builder\UNWISE.EXE C:\PROGRA~1\CoffeeCup Software\CoffeeCup Web Form Builder\INSTALL.LOG
CoffeeCup Web Form Builder - Trial-->C:\PROGRA~1\CoffeeCup Software\CoffeeCup Web Form Builder\UNWISE.EXE C:\PROGRA~1\CoffeeCup Software\CoffeeCup Web Form Builder\INSTALL.LOG
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
CorelDRAW Graphics Suite X3-->C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} C:\Users\Jim\AppData\Local\Temp\CGSX3.log
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
deskPDF 2.5 Professional Edition-->"C:\Program Files\DeskPDF\unins000.exe"
DeskScapes-->C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\UNWISE.EXE C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\INSTALL.LOG
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Docudesk GPL Ghostscript 8.15-->"C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
Documentation & Support Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
docXConverter 3.1.1-->"C:\Program Files\docXConverter3\unins000.exe"
DreamMaker-->C:\PROGRA~1\Stardock\Object Desktop\DreamMaker\UNWISE.EXE C:\PROGRA~1\Stardock\Object Desktop\DreamMaker\INSTALL.LOG
Easy Thumbnails (Remove only)-->"C:\Program Files\Easy Thumbnails\unins000.exe"
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
EULAlyzer v1.2-->"C:\Program Files\EULAlyzer\unins000.exe"
Feed Viewer (Beta) for Windows SideShow-->MsiExec.exe /X{E4DA04B6-3EC4-4DFD-A14E-44959EF36D5B}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Free Download Manager 2.1-->"C:\Program Files\Free Download Manager\unins000.exe"
FTP Voyager 15.1-->"C:\Program Files\FTP Voyager\unins000.exe"
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\Windows\inf\GETPLUSo.INF, DefaultUninstall
Glary Registry Repair 2.9-->"C:\Program Files\Glary Registry Repair\unins000.exe"
Google Earth Plugin-->MsiExec.exe /I{9491C880-1C35-11DE-97B2-005056806466}
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Designjet Z6100 Photo Printer Series-->"C:\Program Files\Hewlett-Packard\Install Engines\HP Designjet Z6100 Photo Printer Series\setup.exe" /x
HP ICC Profiles-->MsiExec.exe /I{705ECF33-B2F2-42F7-86F2-52B394AF9C09}
HP Web Registration-->MsiExec.exe /X{277B3CCC-4FDA-444F-8F28-DA65326D8D91}
HyperSnap 6-->C:\Program Files\HyperSnap 6\HprUnInst.exe
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Ken Rename 0.68-->C:\Program Files\Ken Rename\uninst.exe
Launchy 2.0-->"C:\Program Files\Launchy\unins000.exe"
MagicDisc 2.7.105-->C:\PROGRA~1\MagicDisc\UNWISE.EXE C:\PROGRA~1\MagicDisc\INSTALL.LOG
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mio Technology SpeedCam Tool-->C:\PROGRA~1\Mio Technology\SpeedCAM Tool\Setup.exe /remove
MioMap v3 Updater for Mio C320 C520-->MsiExec.exe /I{E034F4EA-F267-4DD1-B8EB-C7B2805D0040}
MioTransfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F6DA398-707F-4D52-AE6A-7E812D1662D6}\setup.exe" -l0x9
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySQL Server 5.0-->MsiExec.exe /I{406AD3D7-F5BB-49C1-A280-6BCB5F6BC099}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
One Button-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD}\Setup.exe" -l0x9 -u
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Panda NanoScan-->C:\Program Files\Panda Security\NanoScan\nanounst.exe
PC Magazine Shred 3.0-->"C:\Program Files\PC Magazine Utilities\Shred 3\unins000.exe"
PrnPrint v3.32-->C:\Program Files\PrnPrint\uninst.exe
QuickBooks Premier: Mfg and Whsle Edition 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="wholesale" QBFULLNAME="QuickBooks Premier: Mfg and Whsle Edition 2008" ADDREMOVE=1
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickSet-->MsiExec.exe /I{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sizer (remove only)-->C:\Program Files\Sizer\Uninstall.exe
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snapshot (remove only)-->"C:\Program Files\Snapshot\uninstall.exe"
SnapStream Beyond TV Link 4.6.1-->"C:\Program Files\SnapStream Media\Beyond TV Link\uninstall-btv.exe"
SnapStream Firefly Mini 1.0.2-->"C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy-->MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
The Rosetta Stone-->C:\Windows\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Tournament Scheduler-->"C:\Windows\Tournament Scheduler\uninstall.exe" "/U:C:\Program Files\Tournament Scheduler\Uninstall\uninstall.xml"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
WallMaster-->C:\PROGRA~1\WallMaster\UNWISE.EXE C:\PROGRA~1\WallMaster\INSTALL.LOG
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WordPerfect Mail-->MsiExec.exe /I{5D50644B-310A-4C1B-B2DD-B8E781ADC430}
WordPerfect Office X3-->"C:\Program Files\WordPerfect Office X3\Cabs\MSILauncher.exe" "{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}"
WordPerfect Office X3-->MsiExec.exe /I{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}
Zinio Reader-->C:\Program Files\Zinio\uninstall.exe
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O2 - BHO: gPhotoShow Toolbar Helper - {D6D45128-E25E-4036-90D1-F43872902148} - C:\Program Files\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll [2008-12-16]

======Hosts File======

127.0.0.1 myserver.dev
127.0.0.1 www.myserver.dev

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware (outdated)
AS: Windows Defender (disabled)

======System event log======

Computer Name: Jim-Laptop
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 2092276
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090518050037.142000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jim-Laptop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 2092290
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090518110245.013005-000
Event Type: Error
User:

Computer Name: Jim-Laptop
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
Record Number: 2092385
Source Name: Service Control Manager
Time Written: 20090518110457.000000-000
Event Type: Error
User:

Computer Name: Jim-Laptop
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Record Number: 2092386
Source Name: Service Control Manager
Time Written: 20090518110527.000000-000
Event Type: Error
User:

Computer Name: Jim-Laptop
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
Record Number: 2092394
Source Name: Service Control Manager
Time Written: 20090518110651.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Jim-Laptop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3210595271-3191277292-2523619334-1001:
Process 1696 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software\Policies
Process 1696 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software

Record Number: 74663
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090516044904.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jim-Laptop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3210595271-3191277292-2523619334-1001:
Process 1652 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software\Policies
Process 1652 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software

Record Number: 74697
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090516123456.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jim-Laptop
Event Code: 1000
Message: Faulting application CorelDRW.exe, version 13.0.0.739, time stamp 0x454d311b, faulting module CdrCore.dll, version 13.0.0.739, time stamp 0x454d4ac4, exception code 0xc0000005, fault offset 0x00182624, process id 0x1568, application start time 0x01c9d6f1e9a123a6.
Record Number: 74729
Source Name: Application Error
Time Written: 20090517133436.000000-000
Event Type: Error
User:

Computer Name: Jim-Laptop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3210595271-3191277292-2523619334-1001:
Process 1592 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software\Policies
Process 1592 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software

Record Number: 74735
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090517133940.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jim-Laptop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-3210595271-3191277292-2523619334-1001:
Process 1828 (\Device\HarddiskVolume3\Windows\System32\ZoneLabs\vsmon.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001
Process 1828 (\Device\HarddiskVolume3\Windows\System32\ZoneLabs\vsmon.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001
Process 1640 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software\Policies
Process 1640 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3210595271-3191277292-2523619334-1001\Software

Record Number: 74765
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090518045953.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Jim-Laptop
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 120771
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090505054418.935020-000
Event Type: Audit Success
User:

Computer Name: Jim-Laptop
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 120772
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054422.428600-000
Event Type: Audit Success
User:

Computer Name: Jim-Laptop
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3f0e8

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 120773
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090505054421.977020-000
Event Type: Audit Success
User:

Computer Name: Jim-Laptop
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x68c
Name: C:\Windows\System32\svchost.exe

Previous Time: 1:44:22 AM 5/5/2009
New Time: 1:44:22 AM 5/5/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 120774
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090505054422.023000-000
Event Type: Audit Success
User:

Computer Name: Jim-Laptop
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 120775
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090505115047.833554-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\server\php;C:\Program Files\MySQL\MySQL Server 5.0\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Jim at 2009-05-18 07:20:57
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 14 GB (22%) free of 64 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:51 AM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jim\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c91a5fe5942e82) (gupdate1c91a5fe5942e82) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12550 bytes

======Scheduled tasks folder======

C:\Windows\tasks\b4a_Complete Backup.job
C:\Windows\tasks\b4a_Incremental Backup.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{3EB630C7-B1AE-4FA1-AE16-A0CBC297EEB7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-17 1062184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-04-12 5931848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-02-08 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-06-23 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-04-12 5931848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-17 815104]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-01-12 303104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2006-11-27 1540096]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-01-20 4359280]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-01-20 960536]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-01-20 377232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"=C:\Program Files\Zinio\ZinioReader.exe [2008-08-11 3874886]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"QuickenScheduledUpdates"=C:\Program Files\Quicken\bagent.exe [2007-05-07 87592]
"Backup4all Scheduler"= []
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-04-12 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Protector]
C:\Program Files\Systweak\Advanced System Protector\ASP.exe [2009-03-05 15593704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
C:\Program Files\Prolific\One Button\OneBtn.exe [2004-06-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [2007-01-03 83568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^F1U201.401.lnk]
C:\Program Files\Belkin\F1U201.401\usbshare.exe [2003-04-08 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2007-12-18 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MagicDisc\MagicDisc.exe [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Thunderbird.exe.lnk]
C:\PROGRA~1\MOZILL~2\thunderbird.exe [2009-03-19 8500328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TrueAssistant.lnk]
[]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
QuickSet.lnk - C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
WallMaster.lnk - C:\Program Files\WallMaster\wallmast.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-10-11 233888]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2007-03-23 91848]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2007-03-27 489160]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2007-03-21 104112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c697652-bc6d-11db-9f8e-0016cfd158a1}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\/RECYCLER/indataset.exe navg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{754fa26a-6de6-11dd-923f-0016cfd158a1}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2009-05-18 07:20:57 ----D---- C:\rsit
2009-05-15 10:27:12 ----D---- C:\Windows\ERDNT
2009-05-15 10:26:19 ----D---- C:\Program Files\ERUNT
2009-05-15 08:50:38 ----D---- C:\6923062ca8b239884534
2009-05-15 08:42:58 ----D---- C:\6fd25f7f883cfb2b6d16067f9ef27fb2
2009-05-15 08:38:37 ----D---- C:\e484195503f1e3204f204419da
2009-05-11 21:44:44 ----D---- C:\Windows\Tournament Scheduler
2009-05-11 21:44:44 ----D---- C:\Program Files\Tournament Scheduler
2009-05-11 21:42:22 ----A---- C:\Windows\Tournament Scheduler Setup Log.txt
2009-04-20 19:53:02 ----A---- C:\Windows\system32\rpcss.dll
2009-04-20 19:53:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-20 19:53:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-20 19:53:00 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-20 19:52:59 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-20 19:52:59 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-20 19:52:59 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-20 19:52:59 ----A---- C:\Windows\system32\iashost.exe
2009-04-20 19:52:59 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-20 19:52:59 ----A---- C:\Windows\system32\iasads.dll
2009-04-20 19:52:50 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-20 19:52:50 ----A---- C:\Windows\system32\kernel32.dll
2009-04-20 19:52:48 ----A---- C:\Windows\system32\secur32.dll
2009-04-20 19:52:48 ----A---- C:\Windows\system32\apilogen.dll
2009-04-20 19:52:48 ----A---- C:\Windows\system32\amxread.dll
2009-04-20 19:52:40 ----A---- C:\Windows\system32\winhttp.dll
2009-04-20 19:52:33 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-20 19:52:33 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-20 19:52:22 ----A---- C:\Windows\system32\mshtml.dll
2009-04-20 19:52:15 ----A---- C:\Windows\system32\ieframe.dll
2009-04-20 19:52:11 ----A---- C:\Windows\system32\urlmon.dll
2009-04-20 19:52:10 ----A---- C:\Windows\system32\iertutil.dll
2009-04-20 19:52:10 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-20 19:52:09 ----A---- C:\Windows\system32\wininet.dll
2009-04-20 19:52:09 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-20 19:52:06 ----A---- C:\Windows\system32\occache.dll
2009-04-20 19:52:06 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-20 19:52:04 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-20 19:52:02 ----A---- C:\Windows\system32\ieencode.dll
2009-04-20 19:52:01 ----A---- C:\Windows\system32\mstime.dll
2009-04-20 19:52:00 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-05-18 07:21:09 ----D---- C:\Windows\Prefetch
2009-05-18 07:20:09 ----D---- C:\Windows\Internet Logs
2009-05-18 07:14:25 ----D---- C:\Program Files\Mozilla Firefox
2009-05-18 07:14:24 ----D---- C:\Windows\Temp
2009-05-17 22:08:05 ----SHD---- C:\System Volume Information
2009-05-17 22:06:46 ----A---- C:\Windows\BRWMARK.INI
2009-05-17 22:06:46 ----A---- C:\Windows\BRPP2KA.INI
2009-05-15 10:27:12 ----D---- C:\Windows
2009-05-15 10:26:19 ----D---- C:\Program Files
2009-05-15 10:17:39 ----D---- C:\Program Files\AVG Anti-Rootkit Free
2009-05-15 08:44:51 ----D---- C:\Users\Jim\AppData\Roaming\Free Download Manager
2009-05-14 21:41:25 ----D---- C:\Program Files\MSECACHE
2009-05-13 01:57:30 ----D---- C:\Windows\Minidump
2009-05-11 23:01:28 ----D---- C:\Windows\system32\Tasks
2009-05-11 21:44:49 ----D---- C:\Windows\System32
2009-05-09 14:59:26 ----D---- C:\Windows\system32\FxsTmp
2009-05-09 07:46:58 ----D---- C:\Windows\system32\catroot2
2009-05-06 22:31:14 ----SHD---- C:\Windows\Installer
2009-05-06 22:31:11 ----D---- C:\Windows\Tasks
2009-05-03 21:11:42 ----D---- C:\Windows\winsxs
2009-05-02 11:31:30 ----D---- C:\Windows\system32\catroot
2009-05-02 11:31:28 ----D---- C:\Windows\inf
2009-04-20 20:54:58 ----D---- C:\Windows\system32\wbem
2009-04-20 20:54:58 ----D---- C:\Program Files\Windows Mail
2009-04-20 20:54:57 ----D---- C:\Windows\system32\manifeststore
2009-04-20 20:54:57 ----D---- C:\Windows\AppPatch
2009-04-20 20:54:56 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-09-18 148496]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-10-09 293776]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-04-16 44704]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 8192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-27 534016]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-11 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-11 206848]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-01-12 647680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-17 179256]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-11 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 BCASPROT;Advanced System Protector; \??\C:\Program Files\Systweak\Advanced System Protector\sasprot32.sys [2008-08-05 6656]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-18 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-05-23 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2); C:\Windows\system32\DRIVERS\idcphid.sys [2008-12-11 16256]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2008-09-18 148496]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 usbser;Motorola USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2003-12-26 24192]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-01-20 618936]
R2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2006-11-27 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-11 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c91a5fe5942e82;Google Update Service (gupdate1c91a5fe5942e82); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-09-19 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-23 137200]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 OKI OPHG DCS Loader;OKI OPHG DCS Loader; C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE [2006-12-13 24576]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

katana
2009-05-18, 15:36
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

jcb4414
2009-05-19, 16:30
Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 10:27:49 AM
mbam-log-2009-05-19 (10-27-48).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 284521
Time elapsed: 2 hour(s), 33 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jcb4414
2009-05-19, 21:59
ComboFix 09-05-19.03 - Jim 05/19/2009 13:31.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1225 [GMT -4:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MailSwitch.ocx

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 11:48 . 2009-05-19 11:48 -------- d-----w c:\users\Jim\AppData\Roaming\Malwarebytes
2009-05-19 11:47 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 11:47 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 11:47 . 2009-05-19 11:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 11:47 . 2009-05-19 11:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 11:47 . 2009-05-19 11:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 11:20 . 2009-05-18 11:21 -------- d-----w C:\rsit
2009-05-15 14:26 . 2009-05-15 14:26 -------- d-----w c:\program files\ERUNT
2009-05-15 12:50 . 2009-05-15 12:50 -------- d-----w C:\6923062ca8b239884534
2009-05-15 12:42 . 2009-05-15 12:42 -------- d-----w C:\6fd25f7f883cfb2b6d16067f9ef27fb2
2009-05-15 12:38 . 2009-05-15 12:38 -------- d-----w C:\e484195503f1e3204f204419da
2009-05-12 02:55 . 2009-05-12 02:57 -------- d-----w c:\users\Jim\SplendidCity_Data
2009-05-12 01:44 . 2009-05-12 01:44 -------- d-----w c:\windows\Tournament Scheduler
2009-05-12 01:44 . 2009-05-12 03:39 -------- d-----w c:\program files\Tournament Scheduler
2009-05-02 15:31 . 2009-05-02 15:31 34 ----a-w c:\windows\system32\BD2140.DAT
2009-04-20 23:53 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-20 23:53 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-20 23:53 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-20 23:53 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 17:27 . 2007-07-01 12:26 349224 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-05-19 17:04 . 2007-03-03 21:37 4704 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-19 16:50 . 2007-07-01 12:44 22658252 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 16:50 . 2007-07-01 12:44 1691915040 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-19 16:50 . 2007-02-28 16:12 4527 ----a-w c:\windows\bthservsdp.dat
2009-05-15 14:17 . 2008-12-24 13:02 -------- d-----w c:\program files\AVG Anti-Rootkit Free
2009-05-15 01:41 . 2007-09-16 13:01 -------- d-----w c:\program files\MSECACHE
2009-04-21 00:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:05 . 2008-08-19 15:51 -------- d-----w c:\program files\MagicISO
2009-04-16 12:31 . 2009-04-16 12:31 971552 ----a-w c:\windows\system32\drivers\tdrpm174.sys
2009-04-16 12:30 . 2009-04-16 12:30 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-16 12:30 . 2009-04-16 12:30 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-16 12:30 . 2009-04-16 12:30 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-16 12:29 . 2009-04-16 12:28 -------- d-----w c:\program files\Common Files\Acronis
2009-04-16 12:29 . 2009-04-16 12:29 -------- d-----w c:\program files\Acronis
2009-04-16 12:15 . 2009-04-16 03:14 -------- d-----w c:\program files\Runtime Software
2009-04-09 13:01 . 2007-02-28 17:17 144272 ----a-w c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-07 14:45 . 2009-04-07 14:45 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-07 14:44 . 2009-04-07 14:44 -------- d-----w c:\program files\Softland
2009-04-05 12:18 . 2009-04-05 12:03 -------- d-----w c:\program files\s7raw.047e
2009-04-05 12:14 . 2007-02-28 18:39 -------- d-----w c:\program files\DellConnect
2009-04-04 17:32 . 2008-12-23 12:53 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-01 11:52 . 2007-02-08 13:02 -------- d-----w c:\program files\Google
2009-03-24 14:57 . 2007-08-10 14:11 26 ----a-w c:\users\Jim\AppData\Roaming\Opusbext.dat
2009-03-24 11:20 . 2009-03-24 11:07 -------- d-----w c:\program files\Motorola Phone Tools
2009-03-24 11:18 . 2007-02-08 12:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 11:12 . 2009-03-20 12:57 -------- d-----w c:\program files\Avanquest update
2009-03-20 13:02 . 2009-03-20 13:02 24192 ----a-w c:\users\Jim\usbsermptxp.sys
2009-03-20 13:02 . 2009-03-20 13:02 22768 ----a-w c:\users\Jim\usbsermpt.sys
2009-03-17 03:38 . 2009-04-20 23:52 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-20 23:52 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-05 12:01 . 2008-09-17 02:41 137 ---ha-w c:\users\Jim\AppData\Roaming\lakerda1967.sys
2009-03-03 04:40 . 2009-04-20 23:52 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-20 23:52 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-20 23:52 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-20 23:52 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-20 23:52 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-20 23:52 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-20 23:52 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 02:38 . 2009-04-20 23:52 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-20 23:52 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-12-31 17:19 . 2008-12-31 17:19 458 ----a-w C:\Program Files.lnk
2008-05-25 15:02 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2007-09-16 17:40 . 2007-09-16 17:40 190 ----a-w c:\program files\Common Files\psasetup.log
2007-11-04 14:00 . 2007-11-03 22:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-11-04 14:00 . 2007-11-03 22:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2007-03-04 13:29 . 2007-03-03 21:37 88 --sh--r c:\windows\System32\2C710F52E2.sys
2007-11-08 16:30 . 2007-11-08 16:30 8 --sh--r c:\windows\System32\43F3FBC077.sys
2007-07-27 17:05 . 2007-07-01 12:44 8644640 --sha-w c:\windows\System32\drivers\fidbox(224).dat
2007-07-09 19:29 . 2007-07-01 12:44 3704096 --sha-w c:\windows\System32\drivers\fidbox(276).dat
2007-08-02 16:38 . 2007-07-01 12:44 11260960 --sha-w c:\windows\System32\drivers\fidbox(293).dat
2007-09-15 14:34 . 2007-07-01 12:44 20382240 --sha-w c:\windows\System32\drivers\fidbox(2963).dat
2007-09-15 17:06 . 2007-07-01 12:44 20692256 --sha-w c:\windows\System32\drivers\fidbox(3110).dat
2007-08-01 22:39 . 2007-07-01 12:44 10933024 --sha-w c:\windows\System32\drivers\fidbox(318).dat
2007-09-16 17:31 . 2007-07-01 12:44 21238816 --sha-w c:\windows\System32\drivers\fidbox(465).dat
2007-12-17 12:46 . 2007-07-01 12:44 30865440 --sha-w c:\windows\System32\drivers\fidbox(658).dat
2008-03-07 18:57 . 2007-07-01 12:44 12674848 --sha-w c:\windows\System32\drivers\fidbox(702).dat
2007-02-08 20:31 . 2007-02-08 20:31 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-08-11 3874886]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2007-05-07 87592]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-13 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-01-12 303104]

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2008-9-30 288256]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-8 50688]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-2-8 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck sasnative32

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^F1U201.401.lnk]
backup=c:\windows\pss\F1U201.401.lnkCommon Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
backup=c:\windows\pss\Launchy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Thunderbird.exe.lnk]
backup=c:\windows\pss\Thunderbird.exe.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TrueAssistant.lnk]
backup=c:\windows\pss\TrueAssistant.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3210595271-3191277292-2523619334-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0B6C266-8056-4D5B-B371-110EF226238A}"= TCP:67:DHCP Discovery Service
"{891874CB-8322-4FFE-A29D-DEDC25F0BA5F}"= UDP:c:\program files\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{7523DAE8-05F7-4878-B7BE-C3C53C42622A}"= TCP:c:\program files\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{0DCFAB01-B8AC-436E-94EE-10666AD31038}"= UDP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{CA394F77-2F60-4521-9D53-CD5DF7AAD066}"= TCP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{A882DC95-99D6-49F3-92C3-80E7372CBD6B}"= UDP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{35F97D51-F987-4245-AA7D-DD6351D25340}"= TCP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{590B78B0-6E7E-4C23-8D4F-82ED93D1BED0}"= UDP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{BEBE23F0-8353-4770-BFBA-282AEDECEC03}"= TCP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{8A4A7238-7D47-4CFF-A52A-E00B9E0789E3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{59E44FAE-7505-4CAB-B5D3-0BB30E22BF71}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{54AC49FE-6C87-452B-9C65-DF59DA8E1EEC}"= UDP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{FB1EC86D-DFC9-45EA-A1C2-63216FAEAA57}"= TCP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{CCD8B45C-21E5-45F2-A9CA-C07FDF1FB94B}"= UDP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{4BA6E512-9DED-473D-B127-957AD3B685A0}"= TCP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{CC382090-961D-421E-89B9-B07C016F60FC}"= UDP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{6B36DC8E-1774-4C31-A89E-D05A1764B3F7}"= TCP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{F8B7BC82-F600-49F6-BC60-032AC227DA2C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{B9A5042C-4695-40CE-A633-140ABC21E6B9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{3129CAE1-91EB-42D5-BE4F-A0F13621C73F}"= UDP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{C0A29B0D-4008-4F91-976A-8F9716FAE33B}"= TCP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{4AC30B5B-C61D-4C65-B951-3FDB6193C34F}"= UDP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{DD9E778E-6EA9-4EAE-871D-23E2B060D8B0}"= TCP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{386946C8-4438-44E5-8579-FF1B8CE1BC94}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7CD169B1-18FA-425D-9ABB-58C6298C7DE3}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A2195EFE-39DC-42E2-B8A8-4D8CB31F7DE6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7F07B8D8-A700-4F05-A4E4-03AEE9B230E0}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{82D30015-480D-4855-BD67-405F857D5285}"= UDP:3306:MySQL Server
"{B99F4B07-E173-4114-A798-D264EFA2E2FD}"= UDP:c:\windows\System32\spoolsv.exe:HP Networked Printer Installer
"{EBF4C150-53A5-41BE-9C37-91C6744D25B5}"= TCP:c:\windows\System32\spoolsv.exe:HP Networked Printer Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\System32\drivers\snman380.sys [4/16/2009 8:30 AM 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\System32\drivers\tdrpm174.sys [4/16/2009 8:31 AM 971552]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [12/10/2008 1:10 AM 24636]
S2 gupdate1c91a5fe5942e82;Google Update Service (gupdate1c91a5fe5942e82);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2008 9:59 AM 133104]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [1/4/2009 9:21 AM 6656]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\System32\drivers\idcphid.sys [12/11/2008 11:28 AM 16256]
S4 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\System32\spool\drivers\w32x86\3\OPHGLDCS.EXE [8/10/2007 10:06 AM 24576]

--- Other Services/Drivers In Memory ---

*Deregistered* - IDSvix86
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-19 14:14]

2009-05-19 c:\windows\Tasks\User_Feed_Synchronization-{3EB630C7-B1AE-4FA1-AE16-A0CBC297EEB7}.job
- c:\windows\system32\msfeedssync.exe [2008-05-25 03:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Backup4all Scheduler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070208
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lakesidecornhole.com/
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
FF - component: c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Panda Security\NanoScan\Plugins\npnanoscan.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 13:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1dccc6f3-1e25-4ca7-ae49-2f42eb21c724}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{408f18e3-98d9-42e1-8a69-f26c64cda435}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
"Dhcpv6Iaid"=dword:0b001a92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{474e173e-4f59-4ee2-9ae3-45251f8084db}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{475aafd1-557c-4618-b1e6-32addb7e7cb4}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6bfb3e26-7c09-47b5-81b7-6d3af393845b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b0019b9
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6c699874-32a1-49a9-b308-f678e8eb0b24}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8cfcdb15-50ac-478b-9d8a-d129cb76b1fe}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{97c8b182-fdd2-4bea-9e0b-4195f9b7d499}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:120016cf
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a0d9f07d-68e9-4340-9ac8-aff50b7bebb6}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a36a88ed-59d8-4a0f-8704-e160619a4c7f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ee7ca0e6-e377-4523-a2b3-257de88ade5c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-05-19 13:42
ComboFix-quarantined-files.txt 2009-05-19 17:42

Pre-Run: 14,507,081,728 bytes free
Post-Run: 14,411,583,488 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=15 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
356 --- E O F --- 2009-05-04 01:11

katana
2009-05-19, 23:09
How is Windows Update performing now ?


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

FixCSet::
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1dccc6f3-1e25-4ca7-ae49-2f42eb21c724}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{408f18e3-98d9-42e1-8a69-f26c64cda435}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{474e173e-4f59-4ee2-9ae3-45251f8084db}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{475aafd1-557c-4618-b1e6-32addb7e7cb4}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6bfb3e26-7c09-47b5-81b7-6d3af393845b}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6c699874-32a1-49a9-b308-f678e8eb0b24}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8cfcdb15-50ac-478b-9d8a-d129cb76b1fe}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{97c8b182-fdd2-4bea-9e0b-4195f9b7d499}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a0d9f07d-68e9-4340-9ac8-aff50b7bebb6}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a36a88ed-59d8-4a0f-8704-e160619a4c7f}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ee7ca0e6-e377-4523-a2b3-257de88ade5c}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
RegNull::
ADS::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane.
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

jcb4414
2009-05-20, 15:13
To answer your question - the Windows Update dialog still freezes even after the CFScript was dropped.

**********************

ComboFix 09-05-19.03 - Jim 05/20/2009 8:51.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1425 [GMT -4:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.

((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-19 11:48 . 2009-05-19 11:48 -------- d-----w c:\users\Jim\AppData\Roaming\Malwarebytes
2009-05-19 11:47 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 11:47 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 11:47 . 2009-05-19 11:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 11:47 . 2009-05-19 11:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 11:47 . 2009-05-19 11:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-18 11:20 . 2009-05-18 11:21 -------- d-----w C:\rsit
2009-05-15 14:26 . 2009-05-15 14:26 -------- d-----w c:\program files\ERUNT
2009-05-15 12:50 . 2009-05-15 12:50 -------- d-----w C:\6923062ca8b239884534
2009-05-15 12:42 . 2009-05-15 12:42 -------- d-----w C:\6fd25f7f883cfb2b6d16067f9ef27fb2
2009-05-15 12:38 . 2009-05-15 12:38 -------- d-----w C:\e484195503f1e3204f204419da
2009-05-12 02:55 . 2009-05-12 02:57 -------- d-----w c:\users\Jim\SplendidCity_Data
2009-05-12 01:44 . 2009-05-12 01:44 -------- d-----w c:\windows\Tournament Scheduler
2009-05-12 01:44 . 2009-05-12 03:39 -------- d-----w c:\program files\Tournament Scheduler
2009-05-02 15:31 . 2009-05-02 15:31 34 ----a-w c:\windows\system32\BD2140.DAT
2009-04-20 23:53 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-20 23:53 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-20 23:53 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-20 23:53 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 13:01 . 2007-07-01 12:26 349224 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-05-20 12:59 . 2007-07-01 12:44 22689212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-20 12:59 . 2007-07-01 12:44 1693735712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 12:58 . 2007-02-28 16:12 4527 ----a-w c:\windows\bthservsdp.dat
2009-05-20 12:18 . 2007-03-03 21:37 4704 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-05-15 14:17 . 2008-12-24 13:02 -------- d-----w c:\program files\AVG Anti-Rootkit Free
2009-05-15 01:41 . 2007-09-16 13:01 -------- d-----w c:\program files\MSECACHE
2009-04-21 00:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 14:05 . 2008-08-19 15:51 -------- d-----w c:\program files\MagicISO
2009-04-16 12:31 . 2009-04-16 12:31 971552 ----a-w c:\windows\system32\drivers\tdrpm174.sys
2009-04-16 12:30 . 2009-04-16 12:30 540000 ----a-w c:\windows\system32\drivers\timntr.sys
2009-04-16 12:30 . 2009-04-16 12:30 44704 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-04-16 12:30 . 2009-04-16 12:30 134272 ----a-w c:\windows\system32\drivers\snman380.sys
2009-04-16 12:29 . 2009-04-16 12:28 -------- d-----w c:\program files\Common Files\Acronis
2009-04-16 12:29 . 2009-04-16 12:29 -------- d-----w c:\program files\Acronis
2009-04-16 12:15 . 2009-04-16 03:14 -------- d-----w c:\program files\Runtime Software
2009-04-09 13:01 . 2007-02-28 17:17 144272 ----a-w c:\users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-07 14:45 . 2009-04-07 14:45 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-07 14:44 . 2009-04-07 14:44 -------- d-----w c:\program files\Softland
2009-04-05 12:18 . 2009-04-05 12:03 -------- d-----w c:\program files\s7raw.047e
2009-04-05 12:14 . 2007-02-28 18:39 -------- d-----w c:\program files\DellConnect
2009-04-04 17:32 . 2008-12-23 12:53 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-01 11:52 . 2007-02-08 13:02 -------- d-----w c:\program files\Google
2009-03-24 14:57 . 2007-08-10 14:11 26 ----a-w c:\users\Jim\AppData\Roaming\Opusbext.dat
2009-03-24 11:20 . 2009-03-24 11:07 -------- d-----w c:\program files\Motorola Phone Tools
2009-03-24 11:18 . 2007-02-08 12:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-24 11:12 . 2009-03-20 12:57 -------- d-----w c:\program files\Avanquest update
2009-03-20 13:02 . 2009-03-20 13:02 24192 ----a-w c:\users\Jim\usbsermptxp.sys
2009-03-20 13:02 . 2009-03-20 13:02 22768 ----a-w c:\users\Jim\usbsermpt.sys
2009-03-17 03:38 . 2009-04-20 23:52 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-20 23:52 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-05 12:01 . 2008-09-17 02:41 137 ---ha-w c:\users\Jim\AppData\Roaming\lakerda1967.sys
2009-03-03 04:40 . 2009-04-20 23:52 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-20 23:52 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-20 23:52 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-20 23:52 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-20 23:52 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-20 23:52 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-20 23:52 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 02:38 . 2009-04-20 23:52 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-20 23:52 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-12-31 17:19 . 2008-12-31 17:19 458 ----a-w C:\Program Files.lnk
2008-05-25 15:02 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2007-09-16 17:40 . 2007-09-16 17:40 190 ----a-w c:\program files\Common Files\psasetup.log
2007-11-04 14:00 . 2007-11-03 22:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-11-04 14:00 . 2007-11-03 22:21 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2007-03-04 13:29 . 2007-03-03 21:37 88 --sh--r c:\windows\System32\2C710F52E2.sys
2007-11-08 16:30 . 2007-11-08 16:30 8 --sh--r c:\windows\System32\43F3FBC077.sys
2007-07-27 17:05 . 2007-07-01 12:44 8644640 --sha-w c:\windows\System32\drivers\fidbox(224).dat
2007-07-09 19:29 . 2007-07-01 12:44 3704096 --sha-w c:\windows\System32\drivers\fidbox(276).dat
2007-08-02 16:38 . 2007-07-01 12:44 11260960 --sha-w c:\windows\System32\drivers\fidbox(293).dat
2007-09-15 14:34 . 2007-07-01 12:44 20382240 --sha-w c:\windows\System32\drivers\fidbox(2963).dat
2007-09-15 17:06 . 2007-07-01 12:44 20692256 --sha-w c:\windows\System32\drivers\fidbox(3110).dat
2007-08-01 22:39 . 2007-07-01 12:44 10933024 --sha-w c:\windows\System32\drivers\fidbox(318).dat
2007-09-16 17:31 . 2007-07-01 12:44 21238816 --sha-w c:\windows\System32\drivers\fidbox(465).dat
2007-12-17 12:46 . 2007-07-01 12:44 30865440 --sha-w c:\windows\System32\drivers\fidbox(658).dat
2008-03-07 18:57 . 2007-07-01 12:44 12674848 --sha-w c:\windows\System32\drivers\fidbox(702).dat
2007-02-08 20:31 . 2007-02-08 20:31 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-19_17.40.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-28 17:54 . 2009-05-20 13:03 73164 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-05-20 13:03 81230 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:03 . 2009-05-19 16:54 81230 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-02-28 17:54 . 2009-05-19 01:36 16046 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3210595271-3191277292-2523619334-1001_UserData.bin
+ 2007-02-28 17:54 . 2009-05-20 11:24 16046 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3210595271-3191277292-2523619334-1001_UserData.bin
+ 2006-11-02 13:00 . 2009-05-20 13:01 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2009-05-19 17:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-05-20 13:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-05-19 17:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-05-19 17:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-05-20 13:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-17 13:08 . 2009-05-20 12:47 478644 c:\windows\System32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-05-20 11:24 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-20-2009\ERDNT.EXE
+ 2009-05-20 11:24 . 2009-05-20 11:24 4472832 c:\windows\ERDNT\AutoBackup\5-20-2009\Users\00000002\UsrClass.dat
+ 2009-05-20 11:24 . 2009-05-20 11:24 5566464 c:\windows\ERDNT\AutoBackup\5-20-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-08-11 3874886]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickenScheduledUpdates"="c:\program files\Quicken\bagent.exe" [2007-05-07 87592]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-13 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-01-12 303104]

c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2008-9-30 288256]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-8 50688]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-2-27 972064]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-2-8 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck sasnative32

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^F1U201.401.lnk]
backup=c:\windows\pss\F1U201.401.lnkCommon Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launchy.lnk]
backup=c:\windows\pss\Launchy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Thunderbird.exe.lnk]
backup=c:\windows\pss\Thunderbird.exe.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TrueAssistant.lnk]
backup=c:\windows\pss\TrueAssistant.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3210595271-3191277292-2523619334-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0B6C266-8056-4D5B-B371-110EF226238A}"= TCP:67:DHCP Discovery Service
"{891874CB-8322-4FFE-A29D-DEDC25F0BA5F}"= UDP:c:\program files\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{7523DAE8-05F7-4878-B7BE-C3C53C42622A}"= TCP:c:\program files\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{0DCFAB01-B8AC-436E-94EE-10666AD31038}"= UDP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{CA394F77-2F60-4521-9D53-CD5DF7AAD066}"= TCP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{A882DC95-99D6-49F3-92C3-80E7372CBD6B}"= UDP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{35F97D51-F987-4245-AA7D-DD6351D25340}"= TCP:c:\program files\SnapStream Media\Beyond TV Link\BTVD3DShell.exe:Beyond TV ViewScape
"{590B78B0-6E7E-4C23-8D4F-82ED93D1BED0}"= UDP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{BEBE23F0-8353-4770-BFBA-282AEDECEC03}"= TCP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{8A4A7238-7D47-4CFF-A52A-E00B9E0789E3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{59E44FAE-7505-4CAB-B5D3-0BB30E22BF71}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{54AC49FE-6C87-452B-9C65-DF59DA8E1EEC}"= UDP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{FB1EC86D-DFC9-45EA-A1C2-63216FAEAA57}"= TCP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{CCD8B45C-21E5-45F2-A9CA-C07FDF1FB94B}"= UDP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{4BA6E512-9DED-473D-B127-957AD3B685A0}"= TCP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{CC382090-961D-421E-89B9-B07C016F60FC}"= UDP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{6B36DC8E-1774-4C31-A89E-D05A1764B3F7}"= TCP:c:\windows\System32\dlcqcoms.exe:Lexmark Communications System
"{F8B7BC82-F600-49F6-BC60-032AC227DA2C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{B9A5042C-4695-40CE-A633-140ABC21E6B9}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\dlcqpswx.exe:Printer Status Window
"{3129CAE1-91EB-42D5-BE4F-A0F13621C73F}"= UDP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{C0A29B0D-4008-4F91-976A-8F9716FAE33B}"= TCP:c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe:Device Monitor
"{4AC30B5B-C61D-4C65-B951-3FDB6193C34F}"= UDP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{DD9E778E-6EA9-4EAE-871D-23E2B060D8B0}"= TCP:c:\program files\Dell Photo AIO Printer 966\DLCQaiox.exe:All In One Center
"{386946C8-4438-44E5-8579-FF1B8CE1BC94}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7CD169B1-18FA-425D-9ABB-58C6298C7DE3}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A2195EFE-39DC-42E2-B8A8-4D8CB31F7DE6}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{7F07B8D8-A700-4F05-A4E4-03AEE9B230E0}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{82D30015-480D-4855-BD67-405F857D5285}"= UDP:3306:MySQL Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 gupdate1c91a5fe5942e82;Google Update Service (gupdate1c91a5fe5942e82);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-19 133104]
R3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [2008-08-06 6656]
R3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\DRIVERS\idcphid.sys [2008-12-11 16256]
R4 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE [2006-12-13 24576]
S0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2009-04-16 134272]
S0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\DRIVERS\tdrpm174.sys [2009-04-16 971552]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-10 24636]


--- Other Services/Drivers In Memory ---

*Deregistered* - IDSvix86
*Deregistered* - sptd
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-19 14:14]

2009-05-20 c:\windows\Tasks\User_Feed_Synchronization-{3EB630C7-B1AE-4FA1-AE16-A0CBC297EEB7}.job
- c:\windows\system32\msfeedssync.exe [2008-05-25 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070208
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.lakesidecornhole.com/
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_19.dll
FF - component: c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\746ofn78.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Panda Security\NanoScan\Plugins\npnanoscan.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 09:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4124)
c:\progra~1\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
c:\progra~1\Stardock\Object Desktop\DeskScapes\DreamControl.dll
c:\progra~1\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\progra~1\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\program files\FTP Voyager\ftpshext.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2009-05-20 9:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-20 13:07
ComboFix2.txt 2009-05-19 17:42

Pre-Run: 12,417,683,456 bytes free
Post-Run: 12,278,706,176 bytes free

331 --- E O F --- 2009-05-04 01:11

katana
2009-05-20, 23:33
Do you have the Kaspersky log ?

jcb4414
2009-05-21, 03:41
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 20, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 20, 2009 14:40:19
Records in database: 2204527
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 204970
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:00:15

No malware has been detected. The scan area is clean.

The selected area was scanned.

katana
2009-05-21, 11:19
There is no malware that would be causing your problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.
Give them the following link, so they can see the logs if needed

http://forums.spybot.info/showthread.php?p=313336#post313336

Congratulations, your logs look clean :)

Let's see if I can help you keep it that way.

First, let's tidy up.

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined.
Click START, type RUN into the search box, then press Enter.
Now type Combofix /u in the Run box and click OK. Note the space between the X and the /u; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


-----------------------------------------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE (http://secunia.com/software_inspector/) for details.

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time; the others should be used "on demand" on a regular basis.
Most of the programs in this list have free (for home users) and paid versions.
It is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes hosts protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some! Notifies you if programs are added to startup, and allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other hosts file protections.

Internet Browsers
Microsoft has worked hard to make IE 7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative; also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible; you can choose which cookies to keep

Also, PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day-to-day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
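The six Internet-zone settings katana walks through in the IE dialog above can also be audited and enforced from a PowerShell prompt, which is useful when you want to check a machine without clicking through the dialog on every account. The script below is an added example and is not part of the original post or any tool mentioned in it. It relies on Microsoft's documented registry layout for IE security zones (the zone key `Zones\3` is the Internet zone, and the value names 1001, 1004, 1201, 1800, 1804 and 1607 are the settings listed in the post; data 0 = Enable, 1 = Prompt, 3 = Disable). It assumes the settings are per-user (HKCU); on a machine where `Security_HKLM_only` is set, the same value names live under HKLM instead and `$ZoneKey` would need to change.

```powershell
# Added example (not from the thread): audit, and with -Apply enforce, the
# Internet-zone settings described in the post by writing the same values
# IE's Custom Level dialog writes. Value names follow Microsoft's documented
# zone registry layout (KB182569). Assumption: per-user (HKCU) zone settings.
param([switch]$Apply)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Prompt = 1; $Disable = 3   # 0 would be Enable; none of these settings should be left at 0

# Desired state, one row per setting in the post.
$Desired = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = $Prompt  }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = $Disable }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = $Disable }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = $Prompt  }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = $Prompt  }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = $Prompt  }
}

function Get-InternetZoneState {
    # Read the zone key once; a value that has never been written comes back as $null,
    # which counts as non-compliant because IE then falls back to the zone template.
    $key = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($id in $Desired.Keys) {
        $current = $key.$id
        [pscustomobject]@{
            Id        = $id
            Setting   = $Desired[$id].Name
            Current   = $current
            Wanted    = $Desired[$id].Value
            Compliant = ($null -ne $current -and [int]$current -eq $Desired[$id].Value)
        }
    }
}

function Set-InternetZoneState {
    # Only rewrite values that differ; every other value in the zone is left alone.
    foreach ($row in (Get-InternetZoneState | Where-Object { -not $_.Compliant })) {
        Set-ItemProperty -Path $ZoneKey -Name $row.Id -Value $row.Wanted -Type DWord
        Write-Host ('{0} ({1}): {2} -> {3}' -f $row.Id, $row.Setting, $row.Current, $row.Wanted)
    }
}

# Audit by default; change anything only when asked to.
Get-InternetZoneState | Format-Table Id, Setting, Current, Wanted, Compliant -AutoSize
if ($Apply) { Set-InternetZoneState }
```

Run it as the user whose browser you are hardening: without arguments it prints a compliance table, with `-Apply` it writes the missing or wrong values. After the change IE's Security tab reports the Internet zone as Custom, exactly as it does after the manual steps in the post; the dialog route katana describes remains the supported way to set these, and the script is simply the same change in a form you can re-run or check later.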
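The post describes the hosts file as a phone book that maps a site name to an IP address, and the MVPS list uses that mapping to block unwanted sites. The same mechanism is what malware abuses when it points a real site at an address of its choosing, so it is worth being able to tell the two kinds of entry apart. The script below is an added example, not from the original post or from any of the tools mentioned: it parses hosts-file lines and sorts each name into loopback, deliberate block entry, or redirect of a real name to some other address. The `$Sample` lines are constructed for illustration (the hijack line is invented and does not describe the poster's machine); pass `(Get-Content $HostsPath)` instead to check the real file.

```powershell
# Added example (not from the thread): classify hosts-file entries so that
# block entries (as installed by a protective list such as MVPS HOSTS) stand out
# from redirects, which is the pattern a hijacked hosts file shows.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()       # strip the comment and surrounding whitespace
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }          # an address with no names: nothing to classify
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($address -eq '0.0.0.0') {
                $kind = 'block'                        # unroutable: the name is simply made unreachable
            } elseif (@('127.0.0.1', '::1') -contains $address) {
                # loopback is normal for localhost; for any other name it is the older style of block entry
                $kind = if ($name -eq 'localhost') { 'loopback' } else { 'block' }
            } else {
                $kind = 'redirect'                     # a real name sent to some other machine
            }
            [pscustomobject]@{ Address = $address; Name = $name; Kind = $kind }
        }
    }
}

# Constructed sample for illustration; not the poster's hosts file.
$Sample = @(
    '# comment line'
    '127.0.0.1       localhost'
    '::1             localhost'
    '0.0.0.0         ad.doubleclick.net    # typical block entry from a protective list'
    '127.0.0.1       www.example-ads.test  # older lists block with loopback instead'
    '203.0.113.9     www.example.com       # constructed hijack: a real site pointed elsewhere'
)

$entries = Get-HostsEntry -Lines $Sample
$entries | Format-Table -AutoSize
$entries | Where-Object { $_.Kind -eq 'redirect' } |
    ForEach-Object { Write-Warning ('hosts file redirects {0} to {1}' -f $_.Name, $_.Address) }
```

On the sample this prints the table and one warning for `www.example.com`. A clean machine running a protective hosts list shows only loopback and block entries; any redirect row is something to look at, because a legitimate blocklist never needs to send a name to a routable address.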

jcb4414
2009-05-21, 14:31
I'm clean! Thanks for the help. I'll follow your links.

Thanks again,
Jim