Spybot SD will not run (Resolved)



CD_Shoots
2009-07-25, 03:09
Hello. SS&D will not run; I have tried several installs. See my other posts for the error generated when I attempt to open it. My system should be 100% clean, as I just reformatted and reinstalled the OS...

Here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:14 PM, on 7/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8083 bytes
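As an added example (not from the thread, and not part of HijackThis, RSIT or any other tool mentioned here), a small triage script for HijackThis-style O2/O4/O23 lines: it expands the environment variables HJT leaves in place, strips arguments, and flags the patterns a helper checks first, such as the orphaned "(no file)" BHO in the log above. The sample lines are constructed, modelled on the posted log, with one made-up autostart entry so the user-writable-path rule has something to fire on.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis log posted above. The
# "[updater]" line is made up for this example; it is not in the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [updater] C:\Users\owner\AppData\Roaming\Temp\svchost.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumed expansions for the variables HJT prints verbatim (default Vista layout).
ENV = {"%programfiles%": r"C:\Program Files", "%windir%": r"C:\Windows"}
# Binary names that belong under C:\Windows; the same name elsewhere is worth a look.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Path fragments that mean "a normal user can write here".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")

O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\Run: \[(.*?)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*) - (.*?) - ([A-Za-z]:\\.*)$")


@dataclass
class Entry:
    section: str   # O2, O4 or O23
    name: str      # BHO name, Run value name, or service name
    owner: str     # CLSID (O2), registry hive (O4), publisher (O23)
    path: str      # path exactly as HJT printed it
    raw: str


def normalise_path(value: str) -> str:
    """Expand %ProgramFiles%/%windir%, drop quotes and trailing arguments,
    lower-case the result so comparisons are case-insensitive."""
    v = value.strip().strip('"')
    for var, real in ENV.items():
        v = re.sub(re.escape(var), lambda _m, real=real: real, v, flags=re.IGNORECASE)
    m = re.match(r'^"?(.*?\.(?:exe|dll|lnk|cab))"?(?:\s|$)', v, flags=re.IGNORECASE)
    return (m.group(1) if m else v).lower()


def parse_line(line: str):
    """Return an Entry for the O2/O4/O23 lines this script understands, else None."""
    line = line.strip()
    if m := O2_RE.match(line):
        return Entry("O2", m[1], m[2], m[3], line)
    if m := O4_RE.match(line):
        return Entry("O4", m[2], m[1], m[3], line)
    if m := O23_RE.match(line):
        return Entry("O23", m[1], m[2], m[3], line)
    return None


def triage(entry: Entry) -> list:
    """Apply the first-pass checks a log helper does by eye; return the findings."""
    findings = []
    p = normalise_path(entry.path)
    base = p.rsplit("\\", 1)[-1]
    if entry.section == "O2" and entry.path.strip() == "(no file)":
        findings.append("orphaned BHO: CLSID registered but DLL is missing (leftover of a removed component)")
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        findings.append("service with no publisher recorded: verify the file's signature before trusting it")
    if any(seg in p for seg in USER_WRITABLE):
        findings.append("autostart from a user-writable location")
    if base in SYSTEM_NAMES and not p.startswith("c:\\windows\\"):
        findings.append(f"system binary name '{base}' outside C:\\Windows")
    return findings


def triage_log(text: str) -> dict:
    """Map each parsed log line to its findings; lines with nothing to report are omitted."""
    report = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        findings = triage(entry)
        if findings:
            report[entry.raw] = findings
    return report


if __name__ == "__main__":
    for raw, flags in triage_log(SAMPLE_LOG).items():
        print(raw)
        for f in flags:
            print("   ->", f)
```

Everything not flagged still deserves a look in context; the rules only order the reading, they do not clear an entry.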

katana
2009-07-28, 11:12
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)


If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc!

Please post the results from the GMER scan in your reply.

CD_Shoots
2009-07-29, 19:59
Thanks for the response. The gmer.exe will not complete; Windows says an error has prevented the program from working and it will close.

Here are the rsit logs:
Logfile of random's system information tool 1.06 (written by random/random)
Run by owner at 2009-07-29 13:35:08
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 382 GB (82%) free of 467 GB
Total RAM: 3060 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:18 PM, on 7/29/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8139 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-14 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-18 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-14 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-14 259696]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Conime"=C:\Windows\system32\conime.exe [2008-01-20 69120]
"EKIJ5000StatusMonitor"=C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-04-07 1511424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-14 39408]

C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-29 13:35:08 ----D---- C:\rsit
2009-07-29 09:34:51 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\occache.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 09:34:50 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 09:34:49 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 09:34:49 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 09:34:49 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-26 16:31:56 ----D---- C:\ProgramData\WindowsSearch
2009-07-24 21:02:57 ----D---- C:\Program Files\Trend Micro
2009-07-24 10:14:28 ----D---- C:\Program Files\MSXML 4.0
2009-07-23 21:40:27 ----D---- C:\ProgramData\kds_kodak
2009-07-23 21:12:10 ----D---- C:\ProgramData\Eastman Kodak Company
2009-07-23 21:11:32 ----A---- C:\Windows\system32\EKDeviceServices.dll
2009-07-23 21:10:47 ----D---- C:\Windows\system32\kodak
2009-07-23 21:10:13 ----D---- C:\Program Files\Kodak
2009-07-23 21:09:51 ----D---- C:\ProgramData\Apple
2009-07-23 21:09:51 ----D---- C:\Program Files\Bonjour
2009-07-23 21:07:57 ----D---- C:\ProgramData\Kodak
2009-07-23 21:06:18 ----D---- C:\Users\owner\AppData\Roaming\Temp
2009-07-23 09:26:29 ----A---- C:\Windows\IsUninst.exe
2009-07-23 09:03:22 ----A---- C:\Users\owner\AppData\Roaming\DataSafeDotNet.exe
2009-07-21 11:24:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-21 01:00:03 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-21 00:56:02 ----D---- C:\ProgramData\Lavasoft
2009-07-21 00:56:02 ----D---- C:\Program Files\Lavasoft
2009-07-21 00:55:14 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-20 21:40:24 ----D---- C:\Program Files\IrfanView
2009-07-20 21:23:39 ----D---- C:\Users\owner\AppData\Roaming\Malwarebytes
2009-07-20 21:23:35 ----D---- C:\ProgramData\Malwarebytes
2009-07-20 21:23:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 19:25:18 ----D---- C:\Program Files\Yahoo!
2009-07-20 11:44:15 ----D---- C:\Windows\system32\Lang
2009-07-20 11:43:50 ----A---- C:\Windows\system32\igmedkrn.dll
2009-07-20 11:43:50 ----A---- C:\Windows\system32\igfxCoIn_v1255.dll
2009-07-20 11:41:50 ----D---- C:\Program Files\Intel
2009-07-20 11:41:43 ----D---- C:\Intel
2009-07-17 09:29:26 ----D---- C:\Program Files\Dell DataSafe Online
2009-07-16 22:06:29 ----D---- C:\Windows\Sun
2009-07-16 21:22:45 ----D---- C:\ProgramData\Yahoo!
2009-07-16 21:12:40 ----D---- C:\ProgramData\SiteAdvisor
2009-07-16 21:12:18 ----D---- C:\Program Files\Common Files\McAfee
2009-07-16 21:12:13 ----D---- C:\ProgramData\McAfee
2009-07-16 21:12:13 ----D---- C:\Program Files\McAfee
2009-07-16 21:12:09 ----D---- C:\Users\owner\AppData\Roaming\Yahoo!
2009-07-16 14:20:39 ----D---- C:\Users\owner\AppData\Roaming\Mozilla
2009-07-16 14:20:35 ----D---- C:\Program Files\Mozilla Firefox
2009-07-15 22:08:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-15 21:38:41 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 21:38:41 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 21:38:41 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 21:38:41 ----A---- C:\Windows\system32\atmfd.dll
2009-07-15 09:57:18 ----AD---- C:\ProgramData\TEMP
2009-07-15 09:57:13 ----D---- C:\Program Files\SpywareBlaster
2009-07-15 01:39:36 ----D---- C:\Program Files\Common Files\Adobe
2009-07-14 23:30:23 ----A---- C:\Windows\system32\MSVCR71.dll
2009-07-14 23:30:23 ----A---- C:\Windows\system32\MSVCP71.dll
2009-07-14 23:30:23 ----A---- C:\Windows\system32\MFC71.dll
2009-07-14 23:30:23 ----A---- C:\Windows\system32\aswBoot.exe
2009-07-14 23:30:22 ----D---- C:\Program Files\Alwil Software
2009-07-14 23:12:51 ----D---- C:\Program Files\CCleaner
2009-07-14 23:07:40 ----D---- C:\Program Files\Adobe
2009-07-14 23:07:36 ----D---- C:\ProgramData\Adobe
2009-07-14 23:07:35 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-14 23:05:01 ----D---- C:\Users\owner\AppData\Roaming\Macromedia
2009-07-14 23:05:00 ----D---- C:\Users\owner\AppData\Roaming\Adobe
2009-07-14 23:04:58 ----D---- C:\Users\owner\AppData\Roaming\Google
2009-07-14 23:04:44 ----D---- C:\ProgramData\Google
2009-07-14 23:04:44 ----D---- C:\Program Files\Google
2009-07-14 23:04:41 ----D---- C:\Windows\system32\Macromed
2009-07-14 23:04:19 ----D---- C:\ProgramData\NOS
2009-07-14 23:04:19 ----D---- C:\Program Files\NOS
2009-07-14 16:32:04 ----HDC---- C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-14 15:52:18 ----D---- C:\Users\owner\AppData\Roaming\Dell
2009-07-14 15:31:46 ----D---- C:\Windows\Minidump
2009-07-14 15:12:46 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-14 15:12:46 ----A---- C:\Windows\system32\propsys.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\propdefs.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\msstrc.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\msshsq.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\msshooks.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\msscb.dll
2009-07-14 15:12:46 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\wsepno.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\tquery.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-14 15:12:45 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-14 15:12:45 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\offfilt.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\mssvp.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\mssrch.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\mssph.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-14 15:12:45 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-14 14:28:12 ----A---- C:\Windows\system32\javaws.exe
2009-07-14 14:28:12 ----A---- C:\Windows\system32\javaw.exe
2009-07-14 14:28:12 ----A---- C:\Windows\system32\java.exe
2009-07-14 14:28:12 ----A---- C:\Windows\system32\deploytk.dll
2009-07-14 14:28:02 ----D---- C:\Program Files\Java
2009-07-14 14:23:10 ----D---- C:\Windows\Panther
2009-07-14 14:22:57 ----RAS---- C:\BOOTSECT.BAK
2009-07-14 14:22:55 ----SHD---- C:\Boot
2009-07-14 14:22:41 ----D---- C:\Windows\system32\OEM
2009-07-14 14:06:20 ----A---- C:\Windows\system32\NVUNINST.EXE
2009-07-14 14:00:21 ----D---- C:\ProgramData\SupportSoft
2009-07-14 14:00:02 ----D---- C:\Program Files\Dell Support Center
2009-07-14 14:00:02 ----D---- C:\Program Files\Common Files\supportsoft
2009-07-14 13:58:10 ----D---- C:\ProgramData\Dell
2009-07-14 13:55:45 ----D---- C:\dell
2009-07-14 13:48:32 ----A---- C:\Windows\system32\tzres.dll
2009-07-14 13:44:34 ----D---- C:\ProgramData\Roxio
2009-07-14 13:44:33 ----D---- C:\Users\owner\AppData\Roaming\Roxio
2009-07-14 13:33:50 ----D---- C:\ProgramData\Uninstall
2009-07-14 13:33:48 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-07-14 13:32:07 ----D---- C:\ProgramData\Sonic
2009-07-14 13:31:59 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-14 13:31:59 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-07-14 13:31:49 ----D---- C:\Windows\Debug
2009-07-14 13:30:32 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-07-14 13:30:17 ----D---- C:\ProgramData\InstallShield
2009-07-14 13:29:56 ----ASH---- C:\Users\owner\AppData\Roaming\desktop.ini
2009-07-14 13:29:54 ----D---- C:\Program Files\Roxio
2009-07-14 13:29:54 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-14 13:26:18 ----D---- C:\Windows\SoftwareDistribution
2009-07-14 13:24:19 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-14 13:24:19 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-14 13:24:19 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-14 13:24:19 ----A---- C:\Windows\system32\icardres.dll
2009-07-14 13:24:19 ----A---- C:\Windows\system32\icardagt.exe
2009-07-14 13:24:18 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-14 13:24:17 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-14 13:23:49 ----D---- C:\Windows\Prefetch
2009-07-14 13:23:46 ----A---- C:\Windows\DUMP5724.tmp
2009-07-14 13:23:45 ----SHD---- C:\System Volume Information
2009-07-14 13:20:02 ----A---- C:\Windows\system32\dfshim.dll
2009-07-14 13:19:59 ----A---- C:\Windows\system32\mscoree.dll
2009-07-14 13:19:58 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-14 13:19:49 ----A---- C:\Windows\system32\mscorier.dll
2009-07-14 13:19:47 ----A---- C:\Windows\system32\mscories.dll
2009-07-14 12:21:15 ----A---- C:\Windows\system32\EncDec.dll
2009-07-14 12:21:14 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-14 12:18:58 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-14 12:18:56 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-14 12:18:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-14 12:16:07 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-14 12:16:07 ----A---- C:\Windows\system32\icardie.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\msls31.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\licmgr10.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\inseng.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\imgutil.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\ieakeng.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\corpol.dll
2009-07-14 12:16:06 ----A---- C:\Windows\system32\admparse.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-07-14 12:16:05 ----A---- C:\Windows\system32\wextract.exe
2009-07-14 12:16:05 ----A---- C:\Windows\system32\webcheck.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\mstime.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\msrating.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\ieakui.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-14 12:16:05 ----A---- C:\Windows\system32\advpack.dll
2009-07-14 12:16:04 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-14 12:16:03 ----A---- C:\Windows\system32\vbscript.dll
2009-07-14 12:16:03 ----A---- C:\Windows\system32\url.dll
2009-07-14 12:16:03 ----A---- C:\Windows\system32\jscript.dll
2009-07-14 12:16:02 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-07-14 12:16:02 ----A---- C:\Windows\system32\SetDepNx.exe
2009-07-14 12:16:02 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-07-14 12:16:02 ----A---- C:\Windows\system32\PDMSetup.exe
2009-07-14 12:16:02 ----A---- C:\Windows\system32\mshta.exe
2009-07-14 12:16:02 ----A---- C:\Windows\system32\iexpress.exe
2009-07-14 12:15:33 ----D---- C:\Windows\system32\RTCOM
2009-07-14 12:14:32 ----D---- C:\Windows\system32\x64
2009-07-14 12:14:32 ----A---- C:\Windows\system32\igxpun.exe
2009-07-14 12:14:31 ----A---- C:\Windows\system32\difxapi.dll
2009-07-14 12:00:44 ----A---- C:\Windows\system32\gdi32.dll
2009-07-14 12:00:42 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-07-14 12:00:42 ----A---- C:\Windows\system32\gameux.dll
2009-07-14 12:00:42 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-14 12:00:32 ----A---- C:\Windows\system32\msxml3.dll
2009-07-14 12:00:29 ----A---- C:\Windows\system32\shell32.dll
2009-07-14 12:00:27 ----A---- C:\Windows\explorer.exe
2009-07-14 12:00:25 ----A---- C:\Windows\system32\winresume.exe
2009-07-14 12:00:25 ----A---- C:\Windows\system32\winload.exe
2009-07-14 12:00:25 ----A---- C:\Windows\system32\kd1394.dll
2009-07-14 12:00:25 ----A---- C:\Windows\system32\ci.dll
2009-07-14 12:00:24 ----A---- C:\Windows\system32\srdelayed.exe
2009-07-14 12:00:24 ----A---- C:\Windows\system32\srcore.dll
2009-07-14 12:00:24 ----A---- C:\Windows\system32\srclient.dll
2009-07-14 12:00:24 ----A---- C:\Windows\system32\setbcdlocale.dll
2009-07-14 12:00:24 ----A---- C:\Windows\system32\rstrui.exe
2009-07-14 12:00:24 ----A---- C:\Windows\system32\kbd106n.dll
2009-07-14 12:00:20 ----A---- C:\Windows\system32\connect.dll
2009-07-14 12:00:19 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-14 12:00:18 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-14 12:00:10 ----A---- C:\Windows\system32\pacerprf.dll
2009-07-14 12:00:05 ----A---- C:\Windows\system32\es.dll
2009-07-14 11:59:57 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-14 11:59:53 ----A---- C:\Windows\system32\netapi32.dll
2009-07-14 11:58:37 ----A---- C:\Windows\system32\localspl.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\rpcss.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-14 11:57:38 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-14 11:57:38 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-14 11:57:38 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\iashost.exe
2009-07-14 11:57:38 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-14 11:57:38 ----A---- C:\Windows\system32\iasads.dll
2009-07-14 11:57:32 ----A---- C:\Windows\system32\secur32.dll
2009-07-14 11:57:32 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-14 11:57:32 ----A---- C:\Windows\system32\kernel32.dll
2009-07-14 11:57:32 ----A---- C:\Windows\system32\apilogen.dll
2009-07-14 11:57:32 ----A---- C:\Windows\system32\amxread.dll
2009-07-14 11:57:31 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-14 11:57:31 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-14 11:57:31 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-14 11:57:30 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-14 11:57:30 ----A---- C:\Windows\system32\dataclen.dll
2009-07-14 11:57:30 ----A---- C:\Windows\system32\cdd.dll
2009-07-14 11:57:22 ----A---- C:\Windows\system32\schannel.dll
2009-07-14 11:57:21 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-14 11:57:21 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-14 11:57:21 ----A---- C:\Windows\system32\mf.dll
2009-07-14 11:57:20 ----A---- C:\Windows\system32\logagent.exe
2009-07-14 11:57:17 ----A---- C:\Windows\system32\wshext.dll
2009-07-14 11:57:17 ----A---- C:\Windows\system32\wscript.exe
2009-07-14 11:57:17 ----A---- C:\Windows\system32\scrrun.dll
2009-07-14 11:57:17 ----A---- C:\Windows\system32\scrobj.dll
2009-07-14 11:57:17 ----A---- C:\Windows\system32\cscript.exe
2009-07-14 11:56:20 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-14 11:55:08 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-14 11:55:08 ----A---- C:\Windows\system32\wmp.dll
2009-07-14 11:55:08 ----A---- C:\Windows\system32\spwmp.dll
2009-07-14 11:55:08 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-14 11:54:22 ----A---- C:\Windows\system32\quartz.dll
2009-07-14 11:32:54 ----A---- C:\Windows\system32\msonpmon.dll
2009-07-14 11:32:42 ----D---- C:\Program Files\Microsoft Works
2009-07-14 11:32:36 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-14 11:32:32 ----D---- C:\Windows\PCHEALTH
2009-07-14 11:32:32 ----D---- C:\Program Files\Microsoft.NET
2009-07-14 11:28:27 ----D---- C:\Program Files\Microsoft Office
2009-07-14 11:27:51 ----RHD---- C:\MSOCache
2009-07-14 11:07:52 ----D---- C:\ProgramData\Microsoft Help
2009-07-14 10:59:56 ----A---- C:\Windows\system32\win32spl.dll
2009-07-14 10:59:54 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-14 10:55:42 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-14 10:55:42 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-14 10:55:08 ----A---- C:\Windows\system32\winhttp.dll
2009-07-14 10:54:31 ----A---- C:\Windows\system32\msxml6.dll
2009-07-14 10:54:18 ----A---- C:\Windows\system32\wersvc.dll
2009-07-14 10:54:18 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-14 10:51:50 ----D---- C:\Program Files\Dell
2009-07-14 10:49:24 ----A---- C:\Windows\system32\wups2.dll
2009-07-14 10:49:24 ----A---- C:\Windows\system32\wucltux.dll
2009-07-14 10:49:24 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-14 10:49:24 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-14 10:49:16 ----A---- C:\Windows\system32\wups.dll
2009-07-14 10:49:16 ----A---- C:\Windows\system32\wudriver.dll
2009-07-14 10:49:16 ----A---- C:\Windows\system32\wuapi.dll
2009-07-14 10:49:11 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-14 10:49:11 ----A---- C:\Windows\system32\wuapp.exe
2009-07-14 10:41:00 ----SHD---- C:\Windows\Installer
2009-07-14 10:39:26 ----D---- C:\Users\owner\AppData\Roaming\Identities
2009-07-14 10:39:20 ----SD---- C:\Users\owner\AppData\Roaming\Microsoft
2009-07-14 10:39:20 ----D---- C:\Users\owner\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2009-07-29 13:35:11 ----D---- C:\Windows\Temp
2009-07-29 11:45:27 ----D---- C:\Windows\System32
2009-07-29 11:45:27 ----D---- C:\Windows\inf
2009-07-29 11:45:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-29 09:43:47 ----D---- C:\Windows\system32\migration
2009-07-29 09:43:47 ----D---- C:\Program Files\Internet Explorer
2009-07-29 09:35:39 ----D---- C:\Windows\winsxs
2009-07-29 09:34:17 ----D---- C:\Windows\system32\catroot2
2009-07-29 09:34:17 ----D---- C:\Windows\system32\catroot
2009-07-26 16:31:56 ----HD---- C:\ProgramData
2009-07-24 21:02:57 ----RD---- C:\Program Files
2009-07-24 10:14:25 ----D---- C:\Windows
2009-07-23 21:25:00 ----D---- C:\Windows\Tasks
2009-07-23 21:20:04 ----D---- C:\Windows\system32\Tasks
2009-07-23 21:12:30 ----D---- C:\Windows\system32\drivers
2009-07-23 21:12:02 ----RSD---- C:\Windows\assembly
2009-07-23 21:10:47 ----D---- C:\Windows\twain_32
2009-07-20 19:32:57 ----SD---- C:\Windows\Downloaded Program Files
2009-07-20 18:56:06 ----SD---- C:\ProgramData\Microsoft
2009-07-17 19:20:16 ----D---- C:\Windows\system32\WDI
2009-07-16 21:22:40 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-16 21:12:18 ----D---- C:\Program Files\Common Files
2009-07-16 09:56:49 ----D---- C:\Windows\Logs
2009-07-15 22:02:17 ----D---- C:\Windows\rescache
2009-07-15 21:58:57 ----D---- C:\Program Files\Windows Mail
2009-07-15 21:50:15 ----D---- C:\Windows\Microsoft.NET
2009-07-14 15:46:14 ----D---- C:\Windows\system32\NDF
2009-07-14 15:17:19 ----D---- C:\Windows\system32\en-US
2009-07-14 15:17:19 ----D---- C:\Windows\PolicyDefinitions
2009-07-14 15:17:19 ----D---- C:\Windows\ehome
2009-07-14 15:11:18 ----D---- C:\Windows\system32\XPSViewer
2009-07-14 15:11:17 ----D---- C:\Windows\system32\wbem
2009-07-14 13:49:21 ----D---- C:\Windows\AppPatch
2009-07-14 13:49:21 ----D---- C:\Program Files\Windows Media Player
2009-07-14 13:06:36 ----D---- C:\Windows\system32\Boot
2009-07-14 12:56:20 ----RSD---- C:\Windows\Fonts
2009-07-14 12:23:06 ----D---- C:\Windows\system32\manifeststore
2009-07-14 11:29:11 ----D---- C:\Windows\ShellNew
2009-07-14 10:41:09 ----D---- C:\Windows\system32\restore
2009-07-14 10:39:35 ----SHD---- C:\$Recycle.Bin
2009-07-14 10:39:20 ----RD---- C:\Users
2009-07-07 11:10:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2008-01-20 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [2009-05-04 279960]
R2 KodakSvc;Kodak AiO Device Service; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [2009-04-17 32768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
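Added example, not part of the posted log or of random's system information tool itself: a small Python parser for the "List of drivers", "List of services" and "List of files/folders" sections of a log.txt in the format above, followed by the kind of triage heuristics a helper would run over it before reading line by line. The sample input mixes lines copied from the log above with two constructed lines (marked in the code) so that the rules have something to flag; those rules (a boot/system-start driver outside system32\drivers, a service or driver image under a user-writable path, a hidden/system-attributed binary under a user-writable path) are this example's own assumptions and say nothing about the machine in this thread.

```python
"""Parse and triage RSIT (random's system information tool) log.txt sections.

Added example for this page; not RSIT's code. The triage rules are
heuristics chosen for illustration, not findings the tool itself reports.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: real lines from the posted log plus two CONSTRUCTED
# entries (Temp\svchost.exe and netflt) that exist only to exercise the rules.
SAMPLE_LOG = r"""
======List of files/folders modified in the last 1 months======

2009-07-14 14:22:57 ----RAS---- C:\BOOTSECT.BAK
2009-07-14 13:29:56 ----ASH---- C:\Users\owner\AppData\Roaming\desktop.ini
2009-07-14 12:00:25 ----A---- C:\Windows\system32\winload.exe
2009-07-28 03:14:07 ----ASH---- C:\Users\owner\AppData\Local\Temp\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
R1 netflt;netflt; C:\Users\owner\AppData\Local\Temp\netflt.sys [2009-07-28 18944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-14 182768]

-----------------EOF-----------------
"""

HEADER_RE = re.compile(r"^=+(?P<title>.+?)=+$")
# "R1 name;description; path [YYYY-MM-DD size]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# "YYYY-MM-DD HH:MM:SS ----ATTRS---- path"
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----(?P<attrs>[A-Z]*)---- (?P<path>.+)$"
)


@dataclass
class Entry:
    section: str  # "drivers" or "services"
    state: str    # R=running, S=stopped
    start: int    # 0=boot 1=system 2=auto 3=demand 4=disabled
    name: str
    desc: str
    path: str
    date: str
    size: int


@dataclass
class FileEntry:
    stamp: str
    attrs: str    # letters between the dashes, e.g. "ASH"
    path: str


def parse_rsit(text: str) -> Tuple[List[Entry], List[FileEntry]]:
    """Walk the log once, switching parsers on each ======header====== line."""
    entries: List[Entry] = []
    files: List[FileEntry] = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h:
            title = h.group("title").lower()
            section = ("drivers" if "driver" in title else
                       "services" if "service" in title else
                       "files" if "files/folders" in title else None)
            continue
        if section in ("drivers", "services"):
            m = ENTRY_RE.match(line)
            if m:
                entries.append(Entry(section, m["state"], int(m["start"]), m["name"],
                                     m["desc"], m["path"], m["date"], int(m["size"])))
        elif section == "files":
            m = FILE_RE.match(line)
            if m:
                files.append(FileEntry(m["stamp"], m["attrs"], m["path"]))
    return entries, files


# Heuristic thresholds (assumptions of this example, not RSIT output).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")
DRIVER_DIR = "\\windows\\system32\\drivers\\"
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def triage(entries: List[Entry], files: List[FileEntry]) -> List[str]:
    """Return one human-readable finding per suspicious entry."""
    findings: List[str] = []
    for e in entries:
        p = e.path.lower()
        if any(u in p for u in USER_WRITABLE):
            findings.append(f"{e.name}: {e.section[:-1]} image in a user-writable location ({e.path})")
        elif e.section == "drivers" and e.start <= 1 and DRIVER_DIR not in p:
            findings.append(f"{e.name}: boot/system-start driver outside system32\\drivers ({e.path})")
    for f in files:
        p = f.path.lower()
        if p.endswith(BINARY_EXT) and any(u in p for u in USER_WRITABLE) and set("HS") & set(f.attrs):
            findings.append(f"hidden/system binary in a user-writable location: {f.path} [{f.attrs}] {f.stamp}")
    return findings


def summarize(entries: List[Entry]) -> Dict[Tuple[str, str], int]:
    """Count entries per (section, state), e.g. ('drivers', 'R') -> 3."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in entries:
        counts[(e.section, e.state)] = counts.get((e.section, e.state), 0) + 1
    return counts


if __name__ == "__main__":
    ents, fls = parse_rsit(SAMPLE_LOG)
    print(summarize(ents))
    for line in triage(ents, fls):
        print("FLAG:", line)
```

Only the two constructed lines trip the rules; every line taken from the log above parses cleanly and is left alone, which is the point of running such a filter first: it narrows a several-hundred-line dump to the handful of entries worth looking up by hand.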

CD_Shoots
2009-07-29, 20:01
info.txt logfile of random's system information tool 1.06 2009-07-29 13:35:19

======Uninstall list======

Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Ad-Aware-->"C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
aiofw-->MsiExec.exe /I{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}
aioprnt-->MsiExec.exe /I{59B73DDC-593A-4D02-B9CA-1D8C9F912324}
aioscnnr-->MsiExec.exe /I{074AED0D-DD1C-432A-B38D-F8733604033F}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->"C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Dock-->C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
KODAK AiO Home Center-->C:\ProgramData\Kodak\Installer\Setup.exe /CD /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: owner-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 29603
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090729173244.543600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: owner-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 29619
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090729173323.958522-000
Event Type: Error
User:

Computer Name: owner-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 29620
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090729173329.000000-000
Event Type: Warning
User:

Computer Name: owner-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 29694
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090729173332.000000-000
Event Type: Warning
User:

Computer Name: owner-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 29698
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090729173336.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2615090805-76219024-3138449942-1000:
Process 956 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2615090805-76219024-3138449942-1000

Record Number: 4020
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090729173242.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: owner-PC
Event Code: 1000
Message:
Record Number: 4021
Source Name: Application Error
Time Written: 20090729173243.000000-000
Event Type: Error
User:

Computer Name: owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2615090805-76219024-3138449942-1000_Classes:
Process 956 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2615090805-76219024-3138449942-1000_CLASSES

Record Number: 4022
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090729173243.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: owner-PC
Event Code: 1036
Message: InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.
Record Number: 4042
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090729173330.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: owner-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4045
Source Name: Microsoft-Windows-WMI
Time Written: 20090729173332.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 5918
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090729173517.637522-000
Event Type: Audit Failure
User:

Computer Name: owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 5919
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090729173517.653122-000
Event Type: Audit Failure
User:

Computer Name: owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 5920
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090729173517.668722-000
Event Type: Audit Failure
User:

Computer Name: owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 5921
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090729173517.684322-000
Event Type: Audit Failure
User:

Computer Name: owner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 5922
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090729173517.715522-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"kds_language"=13

-----------------EOF-----------------

katana
2009-07-29, 20:21
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
Double click Sysprot.exe to start the program.
Click on the Log tab. In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

CD_Shoots
2009-07-29, 22:30
I had to open the program "as administrator". The program never notified me that it had completed (had stopped responding) and I closed it via program manager (ctrl/alt/del). Here is the sysprot log I have.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 472
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 560
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 664
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 848
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 952
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1088
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1140
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1160
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1176
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1232
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\DellDock\DockLogin.exe
PID: 1420
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1504
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PID: 1740
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 1748
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashServ.exe
PID: 1760
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 1792
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1808
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\DellDock\DellDock.exe
PID: 320
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\Windows\RtHDVCpl.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PID: 1428
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 1464
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1512
Hidden: No
Window Visible: No

Name: C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1964
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PID: 1636
Hidden: No
Window Visible: No

Name: C:\Windows\System32\hkcmd.exe
PID: 2300
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxpers.exe
PID: 2340
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxsrvc.exe
PID: 2368
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PID: 2484
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 2504
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2704
Hidden: No
Window Visible: No

Name: C:\Windows\System32\AERTSrv.exe
PID: 3080
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 3100
Hidden: No
Window Visible: No

Name: C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
PID: 3128
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PID: 3244
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3268
Hidden: No
Window Visible: No

Name: C:\Windows\System32\rundll32.exe
PID: 3276
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PID: 3308
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3328
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3380
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3412
Hidden: No
Window Visible: No

Name: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
PID: 3600
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\unsecapp.exe
PID: 3792
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 2376
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 2800
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 3800
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 3056
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 1732
Hidden: No
Window Visible: No

Name: C:\Users\owner\Desktop\Spybot Trouble\SysProt\SysProt\SysProt.exe
PID: 2952
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\owner\Desktop\Spybot Trouble\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AA600000
Module End: AA60B000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81E3C000
Module End: 821F5000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81E09000
Module End: 81E3C000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80409000
Module End: 80411000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80411000
Module End: 80471000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 80471000
Module End: 80482000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80482000
Module End: 8048A000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8048A000
Module End: 804CB000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804CB000
Module End: 805AB000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80600000
Module End: 8067C000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8067C000
Module End: 80689000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80689000
Module End: 806CF000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806CF000
Module End: 806D8000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806D8000
Module End: 806E0000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E0000
Module End: 80707000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80707000
Module End: 80716000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80716000
Module End: 80725000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80725000
Module End: 8076F000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 8076F000
Module End: 80776000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 80776000
Module End: 80784000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80784000
Module End: 80794000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80794000
Module End: 8079C000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8079C000
Module End: 807BA000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 807BA000
Module End: 807EC000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 807EC000
Module End: 807FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Lbd.sys
Service Name: Lbd
Module Base: 805AB000
Module End: 805BA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 805BA000
Module End: 805C3000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 89C0F000
Module End: 89C80000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 89C80000
Module End: 89D8B000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 89D8B000
Module End: 89DB6000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 89DB6000
Module End: 89DF0000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 89E03000
Module End: 89EEA000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 89EEA000
Module End: 89F05000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8A004000
Module End: 8A113000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8A113000
Module End: 8A14C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8A14C000
Module End: 8A154000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8A154000
Module End: 8A163000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8A163000
Module End: 8A18A000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8A18A000
Module End: 8A19B000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 8A19B000
Module End: 8A1BC000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8A1BC000
Module End: 8A1C5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8A1E5000
Module End: 8A1F0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8A1F0000
Module End: 8A1F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 89F05000
Module End: 89F14000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: igfx
Module Base: 8DE09000
Module End: 8E4C4000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8E4C4000
Module End: 8E563000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8E563000
Module End: 8E570000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\e1e6032.sys
Service Name: e1express
Module Base: 8E570000
Module End: 8E5AA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8E5AA000
Module End: 8E5B5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8E5B5000
Module End: 8E5F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 89F14000
Module End: 89F23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 89F23000
Module End: 89F35000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VSTBS23.SYS
Service Name: VSTHWBS2
Module Base: 89F35000
Module End: 89F7D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 89F7D000
Module End: 89FA7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VSTDPV3.SYS
Service Name: VST_DPV
Module Base: 8E60E000
Module End: 8E712000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
Service Name: winachsf
Module Base: 8E712000
Module End: 8E7C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8E7C5000
Module End: 8E7D2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XV
Module Base: 8E80C000
Module End: 8E881000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\fdc.sys
Service Name: fdc
Module Base: 8E881000
Module End: 8E88C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8E88C000
Module End: 8E8A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8E8A4000
Module End: 8E8D2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8E8D2000
Module End: 8E913000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8E913000
Module End: 8E91E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8E91E000
Module End: 8E935000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8E935000
Module End: 8E940000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8E940000
Module End: 8E963000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8E963000
Module End: 8E972000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8E972000
Module End: 8E986000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8E986000
Module End: 8E99B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8E99B000
Module End: 8E9AB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8E9AB000
Module End: 8E9B6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8E9B6000
Module End: 8E9C1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8E9C1000
Module End: 8E9C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8E9C3000
Module End: 8E9CD000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8E9CD000
Module End: 8E9DA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 89FA7000
Module End: 89FDB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8E9DA000
Module End: 8E9EB000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8EA00000
Module End: 8EBF5000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8E7D2000
Module End: 8E7FF000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 89FDB000
Module End: 8A000000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: 8EBF5000
Module End: 8EBFE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8E9EB000
Module End: 8E9F2000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8E9F2000
Module End: 8E9F9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E9F9000
Module End: 8EA00000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 8E800000
Module End: 8E80C000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 805C3000
Module End: 805E4000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 8E600000
Module End: 8E608000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 8E5F3000
Module End: 8E5FB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 89DF0000
Module End: 89DFB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 89C00000
Module End: 89C0E000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8DE00000
Module End: 8DE09000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 805E4000
Module End: 805FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8EE04000
Module End: 8EE18000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: 8EE18000
Module End: 8EE23000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8EE23000
Module End: 8EE6B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: 8EE6B000
Module End: 8EE6F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8EE6F000
Module End: 8EEA1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8EEA1000
Module End: 8EEB7000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8EEB7000
Module End: 8EEC5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8EEC5000
Module End: 8EED8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8EED8000
Module End: 8EF14000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8EF14000
Module End: 8EF1E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8EF1E000
Module End: 8EF35000
Hidden: No

Module Name: C:\Windows\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: 8EF35000
Module End: 8EF56000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8EF56000
Module End: 8EF5F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8EF5F000
Module End: 8EF6F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8EF6F000
Module End: 8EF71000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8EF71000
Module End: 8EF79000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8EF79000
Module End: 8EF86000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8EF86000
Module End: 8EF91000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8EF91000
Module End: 8EF99000
Hidden: Yes

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8EF99000
Module End: 8EFA2000
Hidden: No

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8EFA2000
Module End: 8EFAC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8EFAC000
Module End: 8EFBB000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8EFBB000
Module End: 8EFD6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswMonFlt.sys
Service Name: aswMonFlt
Module Base: 8EFD6000
Module End: 8EFED000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: 8EFED000
Module End: 8EFF5000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 81009000
Module End: 810B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 810B8000
Module End: 810C8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 810C8000
Module End: 810F2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 810F2000
Module End: 810FC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 810FC000
Module End: 8110F000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 8110F000
Module End: 8117A000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 8117A000
Module End: 81197000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 81197000
Module End: 811B0000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 811B0000
Module End: 811C5000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 811C5000
Module End: 811E5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 8A1C5000
Module End: 8A1E4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: AA60E000
Module End: AA647000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: AA647000
Module End: AA65F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: AA65F000
Module End: AA686000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: AA686000
Module End: AA6D2000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: AA6D2000
Module End: AA7B0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: AA7B0000
Module End: AA7BA000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: AA7BA000
Module End: AA7E2000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: AA7E2000
Module End: AA7EE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: 811E5000
Module End: 811FB000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: owner-PC.MYHOME.WESTELL.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: owner-PC:49163
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
State: ESTABLISHED

Local Address: owner-PC:49158
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
State: ESTABLISHED

Local Address: owner-PC:49157
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
State: ESTABLISHED

Local Address: owner-PC:49156
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
State: ESTABLISHED

Local Address: owner-PC:5354
Remote Address: LOCALHOST:49163
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: owner-PC:5354
Remote Address: LOCALHOST:49158
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: owner-PC:5354
Remote Address: LOCALHOST:49157
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: owner-PC:5354
Remote Address: LOCALHOST:49156
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: owner-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: owner-PC:49159
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: owner-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: owner-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: owner-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: owner-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: owner-PC:9322
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
State: LISTENING

Local Address: owner-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: owner-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: owner-PC.MYHOME.WESTELL.COM:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: owner-PC.MYHOME.WESTELL.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC.MYHOME.WESTELL.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: owner-PC.MYHOME.WESTELL.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: owner-PC:53452
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC:60196
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: owner-PC:56941
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: owner-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: owner-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\Windows Backup
Status: Access denied

Object: C:\System Volume Information\{05f25749-70ab-11de-949d-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{0753178c-7402-11de-bbf8-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{07a7fb8b-7545-11de-b930-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{0e73b6ed-75bb-11de-b6cb-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1095b0e2-7667-11de-88f6-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{14231e8d-72cf-11de-b7aa-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{14231e91-72cf-11de-b7aa-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1ab231b5-7789-11de-96bd-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{2aace8ce-791e-11de-92cc-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{2b2efbb7-7985-11de-9575-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{2fe0d4a6-71aa-11de-a8fa-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{31ca274d-7ad5-11de-84b7-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{415d29ed-720c-11de-bfce-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{41c8f4a4-708a-11de-9b88-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{47cf14ae-785b-11de-ba23-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4baa8493-709d-11de-91af-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{4ee0c881-71a8-11de-9f6e-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{54e8be32-70a4-11de-9288-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5788246b-7543-11de-8960-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{57882471-7543-11de-8960-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{57882477-7543-11de-8960-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5788247e-7543-11de-8960-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5a6bf5a9-70f0-11de-99ef-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5a6bf5bc-70f0-11de-99ef-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6af62c6d-7a28-11de-a419-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6f938251-7b9f-11de-b326-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6fb9246c-7261-11de-9c54-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{7dd720ce-762a-11de-81ae-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{86eb27ac-7086-11de-98e7-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a4479f-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447a5-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447b8-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447be-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447c5-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447cb-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{89a447d1-709b-11de-93d3-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{90f4a388-70e9-11de-a915-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{90f4a38e-70e9-11de-a915-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{9efe2c43-7c43-11de-9d89-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{a55f46ed-74c7-11de-ac91-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{b1454392-7092-11de-85d8-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc03742d-709e-11de-958c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc037433-709e-11de-958c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc037439-709e-11de-958c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc037462-709e-11de-958c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bc037468-709e-11de-958c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bd4d6acd-77ec-11de-b1b2-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bd4d6b68-77ec-11de-b1b2-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{bd4d6b6e-77ec-11de-b1b2-0024e80d5f52}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{c1f8b820-7098-11de-81a5-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{c2d5bc42-708d-11de-b686-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{c95349bf-7104-11de-9686-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{efd1a028-7084-11de-81bc-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{efd1a09a-7084-11de-81bc-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{f15bf49a-7099-11de-a68c-001d09a1fbd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

katana
2009-07-29, 23:15
Information

There is no obvious reason why you should be having problems ???


----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware
I notice that you have MBAM installed; please do the following

Start MalwareBytes AntiMalware

Update Malwarebytes' Anti-Malware
Select the Update tab
Click Update

When the update is complete, select the Scanner tab
Select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

MalwareBytes Log
Combofix Log

CD_Shoots
2009-07-30, 06:00
After skimming over the combofix directions I am wondering if all this is worth it, my computer has NO issues other than Spybot S&D not running. But, I will run Malwarebytes again (it was outdated) and post the log for you tomorrow. Thanks for your time on this.

CD_Shoots
2009-07-30, 06:43
Here is the first, nothing detected.
______________________________________

Malwarebytes' Anti-Malware 1.39
Database version: 2529
Windows 6.0.6001 Service Pack 1

7/30/2009 12:42:35 AM
mbam-log-2009-07-30 (00-42-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 184965
Time elapsed: 23 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

katana
2009-07-30, 10:13
After skimming over the combofix directions I am wondering if all this is worth it,

Will you be posting the Combofix log, or will you leave things as they are ?

CD_Shoots
2009-07-30, 17:21
ComboFix 09-07-29.03 - owner 07/30/2009 11:06.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3060.2062 [GMT -4:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 15:10 . 2009-07-30 15:10 -------- d-----w- c:\users\owner\AppData\Local\temp
2009-07-29 17:35 . 2009-07-29 17:35 -------- d-----w- C:\rsit
2009-07-26 20:31 . 2009-07-26 20:31 -------- d-----w- c:\programdata\WindowsSearch
2009-07-25 01:02 . 2009-07-25 01:02 -------- d-----w- c:\program files\Trend Micro
2009-07-24 14:14 . 2009-07-24 14:14 -------- d-----w- c:\program files\MSXML 4.0
2009-07-24 01:40 . 2009-07-24 01:40 -------- d-----w- c:\programdata\kds_kodak
2009-07-24 01:40 . 2009-07-24 01:40 -------- d-----w- c:\users\owner\AppData\Local\Eastman_Kodak_Company
2009-07-24 01:12 . 2009-07-24 01:12 -------- d-----w- c:\programdata\Eastman Kodak Company
2009-07-24 01:12 . 2009-07-24 01:12 -------- d-----w- c:\users\owner\AppData\Local\Eastman Kodak Company
2009-07-24 01:11 . 2009-04-17 16:08 12800 ----a-w- c:\windows\system32\EKDeviceServices.dll
2009-07-24 01:10 . 2009-07-24 01:10 -------- d-----w- c:\windows\system32\kodak
2009-07-24 01:10 . 2009-07-24 01:10 -------- d-----w- c:\program files\Kodak
2009-07-24 01:09 . 2009-07-24 01:09 -------- d-----w- c:\programdata\Apple
2009-07-24 01:09 . 2009-07-24 01:09 -------- d-----w- c:\program files\Bonjour
2009-07-24 01:07 . 2009-07-24 01:19 -------- d-----w- c:\programdata\Kodak
2009-07-23 13:26 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-07-23 13:03 . 2009-07-25 19:44 8270752 ----a-w- c:\users\owner\AppData\Roaming\DataSafeDotNet.exe
2009-07-21 15:24 . 2009-07-21 15:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 05:00 . 2009-07-21 05:00 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-21 05:00 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-21 04:56 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-21 04:56 . 2009-07-21 05:00 -------- d-----w- c:\programdata\Lavasoft
2009-07-21 04:56 . 2009-07-21 04:56 -------- d-----w- c:\program files\Lavasoft
2009-07-21 04:55 . 2009-07-21 05:54 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-21 01:40 . 2009-07-21 01:40 -------- d-----w- c:\program files\IrfanView
2009-07-21 01:23 . 2009-07-21 01:23 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2009-07-21 01:23 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 01:23 . 2009-07-21 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 01:23 . 2009-07-21 01:23 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 01:23 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 23:25 . 2009-05-26 23:50 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-07-20 23:25 . 2009-07-20 23:25 -------- d-----w- c:\program files\Yahoo!
2009-07-20 15:44 . 2009-07-20 15:44 -------- d-----w- c:\windows\system32\Lang
2009-07-20 15:43 . 2007-04-14 01:55 204800 ----a-w- c:\windows\system32\igfxCoIn_v1255.dll
2009-07-20 15:43 . 2007-04-14 01:30 910464 ----a-w- c:\windows\system32\igmedkrn.dll
2009-07-20 15:41 . 2009-07-20 15:41 -------- d-----w- c:\program files\Intel
2009-07-20 15:41 . 2009-07-20 15:50 -------- d-----w- C:\Intel
2009-07-17 13:29 . 2009-07-17 13:32 -------- d-----w- c:\users\owner\AppData\Local\DataSafeOnline
2009-07-17 13:29 . 2009-07-25 19:45 -------- d-----w- c:\program files\Dell DataSafe Online
2009-07-17 02:06 . 2009-07-17 02:06 -------- d-----w- c:\windows\Sun
2009-07-17 01:24 . 2009-07-20 23:26 -------- d-----w- c:\users\owner\AppData\Local\Yahoo
2009-07-17 01:22 . 2009-07-17 01:24 -------- d-----w- c:\programdata\Yahoo!
2009-07-17 01:12 . 2009-07-17 01:12 -------- d-----w- c:\programdata\SiteAdvisor
2009-07-17 01:12 . 2009-07-17 01:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-17 01:12 . 2009-07-17 02:46 -------- d-----w- c:\program files\McAfee
2009-07-17 01:12 . 2009-07-17 01:12 -------- d-----w- c:\programdata\McAfee
2009-07-17 01:12 . 2009-07-17 01:12 -------- d-----w- c:\users\owner\AppData\Roaming\Yahoo!
2009-07-16 18:20 . 2009-07-16 18:20 -------- d-----w- c:\users\owner\AppData\Local\Mozilla
2009-07-16 02:52 . 2009-07-16 02:52 -------- d-----w- c:\users\owner\AppData\Local\Dell
2009-07-16 02:08 . 2009-07-21 15:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-16 01:38 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 01:38 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 01:38 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 01:38 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:57 . 2009-07-30 04:45 -------- d-----w- c:\program files\SpywareBlaster
2009-07-15 05:39 . 2009-07-15 05:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 05:36 . 2009-07-19 01:15 -------- d-----w- c:\users\owner\AppData\Local\Adobe
2009-07-15 03:30 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-15 03:30 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-15 03:30 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-15 03:30 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-15 03:30 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-15 03:30 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-15 03:30 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-15 03:30 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-15 03:30 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-07-15 03:30 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-07-15 03:30 . 2009-07-15 03:30 -------- d-----w- c:\program files\Alwil Software
2009-07-15 03:19 . 2009-07-15 03:19 -------- d-----w- c:\users\owner\AppData\Local\Stardock_Corporation
2009-07-15 03:12 . 2009-07-15 03:12 -------- d-----w- c:\program files\CCleaner
2009-07-15 03:07 . 2009-02-12 09:35 38208 ----a-w- c:\users\owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-15 03:07 . 2009-07-15 03:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-15 03:05 . 2009-07-15 03:05 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-07-15 03:04 . 2009-07-15 04:04 -------- d-----w- c:\users\owner\AppData\Local\Google
2009-07-15 03:04 . 2009-07-15 03:04 -------- d-----w- c:\program files\Google
2009-07-15 03:04 . 2009-07-15 03:04 -------- d-----w- c:\windows\system32\Macromed
2009-07-15 03:04 . 2009-07-20 23:32 -------- d-----w- c:\programdata\NOS
2009-07-15 03:04 . 2009-07-20 23:32 -------- d-----w- c:\program files\NOS
2009-07-14 20:32 . 2009-07-14 20:32 -------- dc-h--w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-14 20:32 . 2009-06-18 17:18 3289008 -c--a-w- c:\programdata\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
2009-07-14 20:31 . 2009-07-14 20:31 -------- d-----w- c:\users\owner\AppData\Local\PackageAware
2009-07-14 19:52 . 2009-07-14 20:32 -------- d-----w- c:\users\owner\AppData\Roaming\Dell
2009-07-14 19:49 . 2009-07-20 16:21 -------- d-----w- c:\users\owner\AppData\Local\Deployment
2009-07-14 19:49 . 2009-07-14 19:49 -------- d-----w- c:\users\owner\AppData\Local\Apps
2009-07-14 18:28 . 2009-07-14 18:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-14 18:28 . 2009-07-14 18:28 -------- d-----w- c:\program files\Java
2009-07-14 18:23 . 2009-07-14 17:28 -------- d-----w- c:\windows\Panther
2009-07-14 18:22 . 2009-07-14 18:22 -------- d-sh--w- C:\Boot
2009-07-14 18:22 . 2009-07-14 18:22 -------- d-----w- c:\windows\system32\OEM
2009-07-14 18:06 . 2007-05-14 22:48 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-14 18:00 . 2009-07-14 18:00 -------- d-----w- c:\users\owner\AppData\Local\SupportSoft
2009-07-14 18:00 . 2009-07-14 18:00 69120 ----a-w- c:\programdata\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
2009-07-14 18:00 . 2009-07-14 18:00 -------- d-----w- c:\programdata\SupportSoft
2009-07-14 18:00 . 2009-07-15 14:18 -------- d-----w- c:\program files\Dell Support Center
2009-07-14 18:00 . 2009-07-14 18:00 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-14 17:58 . 2009-07-14 20:32 -------- d-----w- c:\programdata\Dell
2009-07-14 17:55 . 2009-07-14 18:00 -------- d-----w- C:\dell
2009-07-14 17:48 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 17:44 . 2009-07-14 17:44 -------- d-----w- c:\programdata\Roxio
2009-07-14 17:44 . 2009-07-14 17:44 -------- d-----w- c:\users\owner\AppData\Roaming\Roxio
2009-07-14 17:33 . 2009-07-14 17:33 -------- d-----w- c:\programdata\Uninstall
2009-07-14 17:33 . 2008-04-17 10:50 602112 ----a-r- c:\programdata\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\bin\setupresENU.dll
2009-07-14 17:33 . 2008-03-13 10:50 4700656 ----a-r- c:\programdata\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe
2009-07-14 17:33 . 2009-07-14 17:33 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-07-14 17:32 . 2009-07-14 17:32 -------- d-----w- c:\programdata\Sonic
2009-07-14 17:31 . 2009-07-14 17:32 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-14 17:31 . 2009-07-14 17:32 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-14 17:31 . 2009-07-24 01:12 -------- d-----w- c:\windows\Debug
2009-07-14 17:30 . 2009-07-14 17:32 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-14 17:30 . 2009-07-14 17:30 -------- d-----w- c:\programdata\InstallShield
2009-07-14 17:29 . 2009-07-14 18:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-14 17:29 . 2009-07-14 17:33 -------- d-----w- c:\program files\Roxio
2009-07-14 17:24 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-14 17:24 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-14 17:24 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-14 17:24 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-14 17:24 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-14 17:24 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-14 17:24 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-14 17:20 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-14 17:19 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-14 17:19 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-14 17:19 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-14 17:19 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-14 16:21 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-24 01:12 . 2009-07-24 01:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-21 21:52 . 2009-07-29 13:34 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 13:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 13:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 13:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 04:23 . 2009-07-14 14:39 58896 ----a-w- c:\users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 01:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 05:34 . 2009-07-15 05:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-14 17:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 16:22 . 2009-07-14 17:23 207777251 ----a-w- c:\windows\DUMP5724.tmp
2009-07-14 15:56 . 2009-07-14 14:39 680 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat
2009-05-04 17:25 . 2009-07-24 01:19 298392 ----a-w- c:\programdata\Kodak\Installer\Registration.exe
2009-05-04 17:25 . 2009-07-24 01:19 24472 ----a-w- c:\programdata\Kodak\Installer\C4USelfUpdater.exe
2009-05-04 17:25 . 2009-07-24 01:19 38808 ----a-w- c:\programdata\Kodak\Installer\Setup.exe
2009-07-20 23:36 . 2009-07-16 18:20 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F1A355E7-1CB5-4B98-981A-0970536E2D79}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7216DE65-2716-40B4-A711-40272F2233F2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DEB8877A-C0DC-4D8E-839E-E4ABA645A80D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EF131A70-9A94-4222-B37E-C441DF6526BB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8D9FEB6D-1DA2-4C9B-9C00-199C1F83368D}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{4311E2E1-13FD-4E08-85E8-2600BE2D5264}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{59A5627B-764E-4E78-AB74-C46BEA63BA40}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{32F43A62-F00D-4364-ABF2-F03948A52FAC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7EAF901B-CC72-421D-97FA-A46BA4A269EC}"= UDP:9322:EKDiscovery
"{379FE12A-F01F-455D-B085-9BBD86904D69}"= UDP:9323:EKDiscovery

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/21/2009 1:00 AM 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/14/2009 11:30 PM 114768]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 6:17 AM 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7/14/2009 11:30 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [7/14/2009 11:30 PM 51792]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 10:11 AM 155648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/16/2009 9:12 PM 210216]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [1/20/2008 10:23 PM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [1/20/2008 10:23 PM 251904]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\users\owner\Desktop\Spybot Trouble\SysProt\SysProt\SysProtDrv.sys [7/29/2009 4:14 PM 44288]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\qhsefe1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1125.mail.yahoo.com/mc/welcome?.gx=1&.tm=1247768573&.rand=95gsmledq9olu|http://www.google.com/ig?hl=en
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 11:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2476)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-07-30 11:11
ComboFix-quarantined-files.txt 2009-07-30 15:11

Pre-Run: 398,582,435,840 bytes free
Post-Run: 398,685,036,544 bytes free

300 --- E O F --- 2009-07-29 13:35

CD_Shoots
2009-07-30, 17:23
My desktop background and user settings in IE8 are gone. I don't know if combofix has put some things back into default, but it looks like it did.

I will try to install spybot again, will let you know if it succeeds.

katana
2009-07-30, 17:31
I don't know if combofix has put some things back into default but it looks like it did.
Yes it does.
You can change them back if you want to.



I will try to install spybot again, will let you know if it succeeds.
Please do.

CD_Shoots
2009-07-30, 18:01
Uninstalled SBS&D and downloaded from SaferNetworking mirror #2 (spybotUpdates.biz) and reinstalled, rebooted. The program still refuses to run:


SpybotSD.exe - Entry Point Not Found

The procedure entry point inet_ntoa could not be located in the dynamic link library wsock32.dll.

Followed by a Microsoft Windows (error report) advice box,

Spybot - Search & Destroy has stopped working.

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. [close program]
These are the same errors as before.

CD_Shoots
2009-07-30, 21:51
I think I'm done with this, unless you find something here soon.

You have my permission to use these logs in a bug report if you wish to submit one, but please omit my IP if you do forward it on.

I've enjoyed using Spybot S&D for many years, and still use it on another (XP SP3) system. I wish we could have resolved this but I am not going to trash a new OS over it.

Thank you again for all your time on this.

katana
2009-07-31, 10:02
Well, it certainly isn't an infection that is causing your problem.
However, if there is something wrong with wsock32.dll then we should really try to sort it.


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.



@echo off
REM Work from system32, where sfc.exe lives
cd C:\Windows\system32
REM Check only wsock32.dll against the protected-file catalogue and save the result to the desktop
sfc /verifyfile=c:\windows\system32\wsock32.dll > "%userprofile%\desktop\Look.txt"
Notepad "%userprofile%\desktop\Look.txt"
REM Delete this batch file once it has run
del /q %0
exit


Right click > Run As Admin on look.bat

Notepad will open, please copy/paste the results here.

CD_Shoots
2009-07-31, 18:25
Log.bat results:

Windows Resource Protection found integrity violations. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log

I am unable to view the Windows CBS.log; if you could tell me how to edit permissions, or? I don't know what "integrity violations" means.

(reminder) I have run SFC.exe and check disk; no errors were found.

katana
2009-07-31, 18:40
Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
REM Remove any result file left over from the previous run
if exist "%userprofile%\desktop\Look.txt" del /q "%userprofile%\desktop\Look.txt"
REM Pull only the System File Checker ([SR]) lines out of the CBS log
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\desktop\Look.txt"
Notepad "%userprofile%\desktop\Look.txt"
REM Delete this batch file once it has run
del /q %0
exit

Right click > Run As Admin on look.bat

Notepad will open, please copy/paste the results here.



Please note, this is not my area of knowledge so I may have to refer you to an O/S tech forum at some point.

CD_Shoots
2009-07-31, 19:10
that may have worked, hold onnnnnnnn

trying to install again

katana
2009-07-31, 19:21
that may have worked,

I doubt it, that will only produce a log of the error report.

CD_Shoots
2009-07-31, 19:24
For a minute I thought it had extracted a good copy of wsock.dll, oh well.
Here is the log:
--------------------------------

2009-07-31 12:14:13, Info CSI 00000006 [SR] Verifying 1 components
2009-07-31 12:14:13, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2009-07-31 12:14:13, Info CSI 00000009 [SR] Cannot repair member file [l:22{11}]"wsock32.dll" of Microsoft-Windows-Winsock-Legacy, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-07-31 12:14:13, Info CSI 0000000a [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"wsock32.dll" by copying from backup
2009-07-31 12:14:13, Info CSI 0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wsock32.dll" from store
2009-07-31 12:14:13, Info CSI 0000000e [SR] Verify complete
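
The [SR] lines above tell the whole story of the repair once you read them per file: the store copy of wsock32.dll failed its hash check, the manifest was restored from backup, and System32\wsock32.dll was then rewritten from the store. The following Python script is an added example, not something posted by CD_Shoots or katana, that does that per-file bookkeeping over the output of the findstr step: it parses each CSI/[SR] line, groups events by file name, and lists files whose last recorded event is still a failed repair. The line format regex and the "last event wins" heuristic are my assumptions about CBS.log on Vista SP1; the sample lines are copied from the log posted above, plus one constructed "example.dll" line so the unrepaired branch is exercised.

```python
import re

# One [SR] line: "<date> <time>, <level> CSI <hex seq> [SR] <message>"
# (assumed format, taken from the lines posted in this thread).
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-f]+)\s+\[SR\]\s+(?P<msg>.*)$'
)
# CSI writes names as [l:<bytes>{<chars>}]"name"; the file name is the last one on the line.
NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')

# Constructed sample: the [SR] lines from the posted log, plus a made-up
# example.dll line (hypothetical file) that is never repaired afterwards.
SAMPLE_LOG = r"""
2009-07-31 12:14:13, Info CSI 00000006 [SR] Verifying 1 components
2009-07-31 12:14:13, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2009-07-31 12:14:13, Info CSI 00000009 [SR] Cannot repair member file [l:22{11}]"wsock32.dll" of Microsoft-Windows-Winsock-Legacy, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-07-31 12:14:13, Info CSI 0000000a [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[l:22{11}]"wsock32.dll" by copying from backup
2009-07-31 12:14:13, Info CSI 0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wsock32.dll" from store
2009-07-31 12:14:14, Info CSI 00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2009-07-31 12:14:14, Info CSI 00000012 [SR] Verify complete
"""


def classify(msg):
    """Map an [SR] message to (kind, file, detail); None for progress chatter."""
    names = NAME.findall(msg)
    fname = names[-1] if names else None
    if msg.startswith("Cannot repair member file"):
        reason = "hash mismatch" if "hash mismatch" in msg else "unknown"
        return ("unrepaired", fname, reason)
    if msg.startswith("Repaired file"):
        return ("repaired", fname, "copied from backup")
    if msg.startswith("Repairing corrupted file"):
        return ("repaired", fname, "copied from component store")
    return None


def parse_sr_lines(text):
    """Return {file name (lower-case): [(seq, kind, detail), ...]} in log order."""
    events = {}
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # not an [SR] line (or a format this parser does not know)
        c = classify(m.group("msg"))
        if c is None or c[1] is None:
            continue
        kind, fname, detail = c
        events.setdefault(fname.lower(), []).append((m.group("seq"), kind, detail))
    return events


def still_corrupt(events):
    """Files whose most recent [SR] event is a failed repair (assumed heuristic)."""
    return sorted(f for f, evs in events.items() if evs[-1][1] == "unrepaired")


if __name__ == "__main__":
    ev = parse_sr_lines(SAMPLE_LOG)
    for fname, evs in ev.items():
        print(fname)
        for seq, kind, detail in evs:
            print(f"  {seq}  {kind:<10}  {detail}")
    print("still corrupt:", still_corrupt(ev))
```

Run it against the Look.txt that look.bat produces (`parse_sr_lines(open(path, encoding="utf-16").read())` on a real CBS.log extract; the real log is UTF-16, which is why Notepad shows it but a naive byte read will not). Any file listed by still_corrupt is one that SFC itself could not fix and is a candidate for a repair install or service pack, as the thread concludes.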

katana
2009-07-31, 19:43
[SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wsock32.dll" from store

Actually, you may be right !

Try the install now

CD_Shoots
2009-07-31, 20:48
No, it had the same error...

BUT
Now 100% convinced the problem was damage to the wsock.dll file, I ran SFC as admin again, and this time I found joy!

I am going to load SP2 on here when I have time, I hope I don't have any more damaged system files after that. (The sfc still reports some that couldn't be repaired, see)

Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.log//snip
The system file repair changes will take effect after the next reboot.

I am very happy to tell you I now have Spybot S&D protecting me from 134221 malicious sites!

Thank you so much, you have been a great help. - CD

katana
2009-08-01, 00:14
I hope I don't have any more damaged system files after that
SP2 should sort any problems.


I am very happy to tell you I now have Spybot S&D protecting me from 134221 malicious sites!
That's great news :)

----------------------------------------------------------------------------------------

Let's tidy up

Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png



OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt


You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible; you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

CD_Shoots
2009-08-01, 06:30
OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt

You can also delete any logs we have produced, and empty your Recycle bin.

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Very nice program, it even cleaned the Qoobox folder off C:\ .

Thank you again, am in fine shape now. - CD