Programs freezing, System Restore unavailable, computer slow (Resolved)



Mary Young
2009-08-31, 19:20
I think I have Malware on my computer? I’d be grateful for your advice.
I have a 6-month-old Dell Studio laptop running Windows Vista Home Premium and Firefox 3, with PCGuard AV and Firewall; plus an external hard drive and a flash drive.
About a week ago, while uploading an image to Photobucket, Firefox froze, “not responding”, and I couldn’t close it using TaskManager. Tried Internet Explorer 7 with same result. I had to reboot. I’m now getting intermittent “not responding” with any program I use. Windows Explorer often closes down and restarts.
AV Scans result in log error “C:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\RPS SafeConnect.msi. Some parts of this file could not be scanned because they are password protected. The real-time protection will automatically scan these parts when they are accessed.”
System Restore is non-operating, although I can see about 12 days of Restore Points listed (System Checkpoints, and updates to Windows and PCGuard). The error message is “The writer experienced a transitory error … If the backup process is retried the error may not occur (0x800423F3).” But the error always does occur!
Yesterday I ran ESET Online Scanner, which found one file in a temp folder, and quarantined it, but no improvement.

I can’t recall doing anything unusual recently, apart from
(1) Having trouble downloading a PDF with Foxit Reader and installing Acrobat Reader.
(2) Attempting to install CD software for a mobile phone and getting an error message about not having .Net Framework 1 on my computer. I didn’t follow up on this, as I think I have a later version of .Net Framework.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:37, on 31/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Broadband\PCguard\rps.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\QUICKENW\qagent.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\mrtMngr.EXE
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Spell Check Anywhere\sa.exe
C:\Program Files\Spell Check Anywhere\SpellCheckAnywhereAssist.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [FsVdInstReboot] 
O4 - HKLM\..\RunOnce: [FsVdUnReboot] 
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2180953605-3230386385-460663618-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - S-1-5-21-2180953605-3230386385-460663618-1000 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9feea2266e062) (gupdate1c9feea2266e062) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Virgin Broadband PCguard (Radialpoint Security Services) - Radialpoint SafeCare Inc. - C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
O23 - Service: Virgin Broadband PCguard SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 10556 bytes
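
The HijackThis log in the post above is line-oriented: a "Running processes:" list followed by entries of the form `<section code> - <details>`. As an added example (not part of the original thread, and not code from HijackThis or RSIT), the sketch below parses an excerpt copied from that log and lists the entries HijackThis itself marked `(no file)` or `Unknown owner`, plus Run values printed with no command; the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#inbox
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\RunOnce: [FsVdInstReboot]
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

# "<section code> - <details>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autoruns: "<key>\Run: [ValueName] command line"
RUN_RE = re.compile(r"^[^:]+Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, section entries)."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first R/O entry ends the process list
            entries.append({"code": m.group(1), "body": m.group(2)})
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def section_counts(entries):
    """Number of entries per section code (R0, O2, O4, O23, ...)."""
    return Counter(e["code"] for e in entries)


def triage(entries):
    """Return (code, reason, detail) tuples for entries worth a manual look.

    These are review items read straight from the log's own markers,
    not verdicts about whether an entry is malicious.
    """
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if body.endswith("(no file)"):
            # Registry reference whose target file HijackThis did not find.
            clsid = CLSID_RE.search(body)
            findings.append((code, "orphaned", clsid.group(0) if clsid else body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Service binary for which HijackThis printed no vendor name.
            findings.append((code, "unknown-owner", body.rsplit(" - ", 1)[-1]))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and not m.group("cmd"):
                # Autorun value listed with nothing after its name.
                findings.append((code, "empty-command", m.group("name")))
    return findings


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    print(len(procs), "processes;", dict(section_counts(ents)))
    for finding in triage(ents):
        print(finding)
```
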

katana
2009-09-04, 01:09
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

Mary Young
2009-09-05, 14:28
Katana, thanks for your advice.
I ran RSIT without incident, I will post the files below.
However, not so good with GMER. After double-clicking the program to RUN, I got a screen with lines of text (looked like paths) but NO request for FULL SCAN. So I pressed "Scan" button, then had to leave computer running scan. On return apparently it was hibernated, I had to revive and put in my password. There was no sign of GMER, just a message "Windows has recovered from an unexpected error".
Should I REPEAT the GMER scan?

RSIT LOG.TXT
Logfile of random's system information tool 1.06 (written by random/random)
Run by mary at 2009-09-04 15:37:37
WIN_VISTA Service Pack 1
System drive C: has 116 GB (51%) free of 228 GB
Total RAM: 3030 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:17, on 04/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Broadband\PCguard\rps.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\QUICKENW\qagent.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\mrtMngr.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mary\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mary.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {DAB46A0D-8939-4056-B80C-028DCE8999EF} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\RunOnce: [FsVdInstReboot] 
O4 - HKLM\..\RunOnce: [FsVdUnReboot] 
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2180953605-3230386385-460663618-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - S-1-5-21-2180953605-3230386385-460663618-1000 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9feea2266e062) (gupdate1c9feea2266e062) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Virgin Broadband PCguard (Radialpoint Security Services) - Radialpoint SafeCare Inc. - C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
O23 - Service: Virgin Broadband PCguard SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 10324 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A8E66DFD-AAA5-4671-A5D5-A2034C5DD4FD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2009-05-27 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-07 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-15 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-08-25 200704]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-06-03 446635]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QAGENT"=C:\QUICKENW\QAGENT.EXE [2001-05-24 94208]
""= []
"VirtualDrive"=C:\Program Files\FarStone\VirtualDrive\VDTask.exe [2008-11-06 166416]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2009-05-27 2303216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FsVdInstReboot"=1 []
"FsVdUnReboot"=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2008-11-03 1745648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-11-21 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-11-21 150040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-07-04 132392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-11-21 154136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-12-22 483420]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
C:\QUICKENW\BILLMIND.EXE [2001-05-24 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
C:\QUICKENW\QWDLLS.EXE [2001-05-24 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
C:\PROGRA~1\Dell\QuickSet\quickset.exe [2008-07-31 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-03-31 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\SYSTEM32\igfxdev.dll [2008-11-21 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a81859b8-5d45-11de-94b9-002219e2d4d5}]
shell\AutoRun\command - L:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19e16a-94a5-11de-8ed7-002219e2d4d5}]
shell\AutoRun\command - K:\setup.exe AUTORUN=1


======List of files/folders created in the last 1 months======

2009-09-04 15:37:37 ----D---- C:\rsit
2009-08-31 17:06:40 ----D---- C:\Program Files\Trend Micro
2009-08-31 17:01:23 ----D---- C:\Windows\ERDNT
2009-08-31 16:59:56 ----D---- C:\Program Files\ERUNT
2009-08-31 15:48:07 ----SHD---- C:\Config.Msi
2009-08-31 14:22:24 ----A---- C:\Windows\system32\tzres.dll
2009-08-31 02:13:57 ----D---- C:\Program Files\ESET
2009-08-30 13:30:11 ----D---- C:\Temp
2009-08-29 01:19:08 ----A---- C:\Windows\ntbtlog.txt
2009-08-24 01:13:41 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-24 01:13:37 ----A---- C:\Windows\system32\mstscax.dll
2009-08-24 01:13:34 ----A---- C:\Windows\system32\avifil32.dll
2009-08-24 01:13:30 ----A---- C:\Windows\system32\atl.dll
2009-08-24 01:13:26 ----A---- C:\Windows\system32\kerberos.dll
2009-08-24 01:13:25 ----A---- C:\Windows\system32\wdigest.dll
2009-08-24 01:13:25 ----A---- C:\Windows\system32\schannel.dll
2009-08-24 01:13:25 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-24 01:13:25 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-24 01:13:24 ----A---- C:\Windows\system32\secur32.dll
2009-08-24 01:13:24 ----A---- C:\Windows\system32\lsass.exe
2009-08-24 01:12:16 ----A---- C:\Windows\system32\wmp.dll
2009-08-24 01:12:15 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-24 01:12:14 ----A---- C:\Windows\system32\spwmp.dll
2009-08-24 01:12:13 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-24 01:12:12 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-24 01:00:37 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-23 23:18:54 ----HDC---- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 23:18:47 ----D---- C:\ProgramData\Lavasoft
2009-08-23 23:18:47 ----D---- C:\Program Files\Lavasoft
2009-08-23 23:00:50 ----D---- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
2009-08-23 22:09:15 ----A---- C:\Delme.bat
2009-08-23 19:37:11 ----D---- C:\Program Files\Sony Ericsson
2009-08-23 13:51:30 ----D---- C:\ProgramData\Raxco
2009-08-23 13:51:30 ----D---- C:\Program Files\Raxco
2009-08-10 15:07:18 ----A---- C:\DBS.TXT
2009-08-09 12:56:57 ----D---- C:\ProgramData\VirginMedia
2009-08-08 20:29:26 ----D---- C:\Windows\system32\EventProviders
2009-08-06 12:21:25 ----D---- C:\Program Files\iPod
2009-08-05 01:33:12 ----D---- C:\Program Files\Motorola
2009-08-05 01:33:12 ----D---- C:\Program Files\Common Files\Motorola Shared

======List of files/folders modified in the last 1 months======

2009-09-04 15:39:27 ----D---- C:\Windows\Temp
2009-09-04 15:33:41 ----D---- C:\Legacy
2009-09-04 15:33:12 ----A---- C:\Windows\adbk32.ini
2009-09-04 15:27:29 ----D---- C:\Windows\Prefetch
2009-09-04 13:46:19 ----D---- C:\Program Files\Mozilla Firefox
2009-09-04 13:43:33 ----D---- C:\Windows\Tasks
2009-09-03 12:48:55 ----SHD---- C:\System Volume Information
2009-09-03 12:46:12 ----D---- C:\Windows
2009-09-03 10:40:18 ----A---- C:\Windows\QUICKEN.INI
2009-09-02 20:42:21 ----D---- C:\Windows\system32\catroot2
2009-09-01 00:02:17 ----D---- C:\Windows\system32\WDI
2009-08-31 17:06:59 ----RD---- C:\Program Files
2009-08-31 16:39:31 ----D---- C:\Windows\System32
2009-08-31 15:48:33 ----SHD---- C:\Windows\Installer
2009-08-31 15:48:30 ----D---- C:\Windows\winsxs
2009-08-31 15:48:17 ----D---- C:\Program Files\Common Files
2009-08-31 15:47:07 ----HD---- C:\ProgramData
2009-08-31 15:28:43 ----D---- C:\Program Files\InstallShield Installation Information
2009-08-31 15:28:42 ----D---- C:\Windows\inf
2009-08-31 15:23:24 ----D---- C:\Windows\rescache
2009-08-31 15:21:13 ----D---- C:\Program Files\Uniblue
2009-08-31 14:23:13 ----D---- C:\Windows\system32\en-US
2009-08-31 14:23:07 ----D---- C:\Windows\system32\catroot
2009-08-31 14:22:09 ----D---- C:\Program Files\Windows Mail
2009-08-29 01:15:55 ----D---- C:\Users\mary\AppData\Roaming\Adobe
2009-08-29 01:15:55 ----D---- C:\Program Files\Adobe
2009-08-29 00:49:45 ----D---- C:\Windows\system32\wbem
2009-08-29 00:30:12 ----D---- C:\Windows\twain_32
2009-08-29 00:30:12 ----D---- C:\Windows\system32\zh-TW
2009-08-29 00:30:12 ----D---- C:\Windows\system32\zh-HK
2009-08-29 00:30:12 ----D---- C:\Windows\system32\zh-CN
2009-08-29 00:30:12 ----D---- C:\Windows\system32\XPSViewer
2009-08-29 00:30:12 ----D---- C:\Windows\system
2009-08-29 00:30:11 ----D---- C:\Windows\system32\uk-UA
2009-08-29 00:30:11 ----D---- C:\Windows\system32\tr-TR
2009-08-29 00:30:11 ----D---- C:\Windows\system32\th-TH
2009-08-29 00:30:11 ----D---- C:\Windows\system32\sysprep
2009-08-29 00:30:11 ----D---- C:\Windows\system32\sv-SE
2009-08-29 00:30:11 ----D---- C:\Windows\system32\sr-Latn-CS
2009-08-29 00:30:10 ----D---- C:\Windows\system32\SLUI
2009-08-29 00:30:10 ----D---- C:\Windows\system32\sl-SI
2009-08-29 00:30:10 ----D---- C:\Windows\system32\sk-SK
2009-08-29 00:30:10 ----D---- C:\Windows\system32\setup
2009-08-29 00:30:10 ----D---- C:\Windows\system32\ru-RU
2009-08-29 00:30:10 ----D---- C:\Windows\system32\ro-RO
2009-08-29 00:30:09 ----D---- C:\Windows\system32\ras
2009-08-29 00:30:09 ----D---- C:\Windows\system32\pt-PT
2009-08-29 00:30:09 ----D---- C:\Windows\system32\pt-BR
2009-08-29 00:30:09 ----D---- C:\Windows\system32\pl-PL
2009-08-29 00:30:09 ----D---- C:\Windows\system32\oobe
2009-08-29 00:30:09 ----D---- C:\Windows\system32\nl-NL
2009-08-29 00:30:09 ----D---- C:\Windows\system32\nb-NO
2009-08-29 00:30:08 ----D---- C:\Windows\system32\migwiz
2009-08-29 00:30:08 ----D---- C:\Windows\system32\migration
2009-08-29 00:30:08 ----D---- C:\Windows\system32\manifeststore
2009-08-29 00:30:08 ----D---- C:\Windows\system32\lv-LV
2009-08-29 00:30:08 ----D---- C:\Windows\system32\lt-LT
2009-08-29 00:30:04 ----D---- C:\Windows\system32\ko-KR
2009-08-29 00:30:04 ----D---- C:\Windows\system32\ja-JP
2009-08-29 00:30:04 ----D---- C:\Windows\system32\it-IT
2009-08-29 00:30:04 ----D---- C:\Windows\system32\icsxml
2009-08-29 00:30:04 ----D---- C:\Windows\system32\ias
2009-08-29 00:30:04 ----D---- C:\Windows\system32\hu-HU
2009-08-29 00:30:04 ----D---- C:\Windows\system32\hr-HR
2009-08-29 00:30:04 ----D---- C:\Windows\system32\he-IL
2009-08-29 00:30:03 ----D---- C:\Windows\system32\fr-FR
2009-08-29 00:30:03 ----D---- C:\Windows\system32\fi-FI
2009-08-29 00:30:03 ----D---- C:\Windows\system32\et-EE
2009-08-29 00:30:03 ----D---- C:\Windows\system32\es-ES
2009-08-29 00:30:03 ----D---- C:\Windows\system32\en
2009-08-29 00:30:02 ----D---- C:\Windows\system32\el-GR
2009-08-29 00:29:57 ----D---- C:\Windows\system32\drivers
2009-08-29 00:29:57 ----D---- C:\Windows\system32\de-DE
2009-08-29 00:29:57 ----D---- C:\Windows\system32\da-DK
2009-08-29 00:29:57 ----D---- C:\Windows\system32\cs-CZ
2009-08-29 00:29:56 ----RD---- C:\Windows\Offline Web Pages
2009-08-29 00:29:56 ----D---- C:\Windows\system32\com
2009-08-29 00:29:56 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-29 00:29:56 ----D---- C:\Windows\system32\Boot
2009-08-29 00:29:56 ----D---- C:\Windows\system32\bg-BG
2009-08-29 00:29:56 ----D---- C:\Windows\system32\ar-SA
2009-08-29 00:29:56 ----D---- C:\Windows\system32\AdvancedInstallers
2009-08-29 00:29:56 ----D---- C:\Windows\ShellNew
2009-08-29 00:29:56 ----D---- C:\Windows\servicing
2009-08-29 00:29:56 ----D---- C:\Windows\PolicyDefinitions
2009-08-29 00:29:56 ----D---- C:\Windows\MSAgent
2009-08-29 00:29:55 ----RSD---- C:\Windows\Media
2009-08-29 00:29:55 ----D---- C:\Windows\L2Schemas
2009-08-29 00:29:55 ----D---- C:\Windows\IME
2009-08-29 00:29:52 ----RSD---- C:\Windows\Fonts
2009-08-29 00:29:51 ----SD---- C:\Windows\Downloaded Program Files
2009-08-29 00:29:51 ----D---- C:\Windows\en-US
2009-08-29 00:29:51 ----D---- C:\Windows\ehome
2009-08-29 00:29:51 ----D---- C:\Windows\DigitalLocker
2009-08-29 00:29:51 ----D---- C:\Windows\Cursors
2009-08-29 00:29:50 ----D---- C:\Windows\AppPatch
2009-08-29 00:29:50 ----D---- C:\Program Files\Windows Sidebar
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Photo Gallery
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Media Player
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Journal
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Defender
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Collaboration
2009-08-29 00:29:48 ----D---- C:\Program Files\Windows Calendar
2009-08-29 00:29:48 ----D---- C:\Program Files\Movie Maker
2009-08-29 00:29:48 ----D---- C:\Program Files\Internet Explorer
2009-08-29 00:29:48 ----D---- C:\Program Files\Common Files\System
2009-08-29 00:29:47 ----D---- C:\Program Files\Common Files\Services
2009-08-29 00:21:51 ----D---- C:\Windows\tapi
2009-08-29 00:21:50 ----D---- C:\Windows\system32\vs08
2009-08-29 00:21:50 ----D---- C:\Windows\system32\Tasks
2009-08-29 00:21:49 ----D---- C:\Windows\system32\spool
2009-08-29 00:21:44 ----D---- C:\Windows\system32\restore
2009-08-29 00:21:44 ----D---- C:\Windows\system32\oem
2009-08-29 00:21:44 ----D---- C:\Windows\system32\no-NO
2009-08-29 00:21:44 ----D---- C:\Windows\system32\Msdtc
2009-08-29 00:21:41 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-29 00:18:45 ----D---- C:\Windows\pss
2009-08-29 00:18:40 ----D---- C:\Windows\ITECIR
2009-08-29 00:18:25 ----D---- C:\Windows\Help
2009-08-29 00:18:22 ----RSD---- C:\Windows\assembly
2009-08-29 00:18:17 ----D---- C:\Users\mary\AppData\Roaming\Smart Panel
2009-08-29 00:18:17 ----D---- C:\Users\mary\AppData\Roaming\pdf995
2009-08-29 00:18:17 ----D---- C:\Users\mary\AppData\Roaming\MudCreek
2009-08-29 00:16:42 ----RD---- C:\Users
2009-08-29 00:16:41 ----D---- C:\QUICKENW
2009-08-29 00:16:40 ----D---- C:\ProgramData\Virgin Broadband
2009-08-29 00:16:40 ----D---- C:\ProgramData\Spell Check Anywhere
2009-08-29 00:16:40 ----D---- C:\ProgramData\pdf995
2009-08-29 00:16:36 ----D---- C:\ProgramData\Microsoft Help
2009-08-29 00:16:36 ----D---- C:\ProgramData\farstone
2009-08-29 00:16:32 ----D---- C:\Program Files\Windows Live SkyDrive
2009-08-29 00:16:32 ----D---- C:\Program Files\Virtual Magnifying Glass
2009-08-29 00:16:30 ----D---- C:\Program Files\Virgin Broadband
2009-08-29 00:16:30 ----D---- C:\Program Files\SSC Service Utility
2009-08-29 00:16:30 ----D---- C:\Program Files\Spell Check Anywhere
2009-08-29 00:16:29 ----D---- C:\Program Files\Smart Panel
2009-08-29 00:16:26 ----D---- C:\Program Files\Roxio
2009-08-29 00:16:26 ----D---- C:\Program Files\RFViewer
2009-08-29 00:16:25 ----D---- C:\Program Files\QuickTime
2009-08-29 00:16:23 ----D---- C:\Program Files\MozyHome
2009-08-29 00:16:18 ----D---- C:\Program Files\Microsoft Works
2009-08-29 00:16:18 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-29 00:16:16 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
2009-08-29 00:16:16 ----D---- C:\Program Files\Microsoft ActiveSync
2009-08-29 00:16:16 ----D---- C:\Program Files\MFInstall
2009-08-29 00:16:16 ----D---- C:\Program Files\Label Wizard
2009-08-29 00:16:13 ----D---- C:\Program Files\iTunes
2009-08-29 00:16:01 ----D---- C:\Program Files\DellTPad
2009-08-29 00:15:55 ----D---- C:\Program Files\Dell Video Chat
2009-08-29 00:15:48 ----D---- C:\Program Files\Dell DataSafe Online
2009-08-29 00:15:47 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-08-29 00:15:47 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-08-29 00:15:46 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-08-29 00:15:43 ----D---- C:\Program Files\Common Files\Designer
2009-08-29 00:15:38 ----D---- C:\Program Files\CCleaner
2009-08-29 00:15:31 ----D---- C:\Program Files\Bonjour
2009-08-29 00:15:31 ----D---- C:\Program Files\Apple Software Update
2009-08-29 00:15:31 ----D---- C:\Program Files\Adr_Book 5.8f
2009-08-29 00:15:28 ----D---- C:\Program Files\7-Zip
2009-08-29 00:15:25 ----D---- C:\DELL
2009-08-28 23:56:45 ----D---- C:\Windows\registration
2009-08-28 14:56:49 ----D---- C:\Users\mary\AppData\Roaming\uniblue
2009-08-28 13:48:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-23 17:09:04 ----D---- C:\Windows\Downloaded Installations
2009-08-23 13:55:11 ----D---- C:\Users\mary\AppData\Roaming\Virgin Broadband
2009-08-10 15:11:29 ----D---- C:\Windows\ModemLogs
2009-08-06 12:21:25 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2009-04-03 120336]
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2009-06-24 54776]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2008-08-28 71184]
R2 mrtRate;mrtRate; C:\Windows\system32\drivers\mrtRate.sys [2000-05-31 34712]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-07-16 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-07-16 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-07-16 38400]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2008-11-26 53192]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-08-25 170032]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-12-22 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-17 1331192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys [2008-10-29 18448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-11-21 2473472]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim; \??\C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2008-08-06 48384]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-12-22 393216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 APL531;OVT Scanner; C:\Windows\System32\Drivers\ov550i.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-03-31 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-03-31 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-03-31 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2009-03-31 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-03-31 50688]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2009-04-06 72704]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
R2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent; C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe [2008-11-14 4937752]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2009-05-27 371440]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [2008-12-22 241746]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-12-22 26112]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 Radialpoint Security Services;Virgin Broadband PCguard; C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [2009-08-23 175184]
S2 gupdate1c9feea2266e062;Google Update Service (gupdate1c9feea2266e062); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 190448]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-31 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------

Mary Young
2009-09-05, 14:30
RSIT INFO.TXT

info.txt logfile of random's system information tool 1.06 2009-09-04 15:40:49

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adr_Book 5.8f-->"C:\Program Files\Adr_Book 5.8f\unins000.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon iP4500 series User Registration-->C:\Program Files\Canon\IJEREG\iP4500 series\UNINST.EXE
Canon iP4500 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series /L0x0009
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Video Chat-->C:\Program Files\Dell Video Chat\uninst.exe
Dell Webcam Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x9 -UnInstall
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESPRX620 Series Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX620 Series\REF_G\DOCUNINS.EXE
ESPRX620 Software Guide-->C:\Program Files\EPSON\TPMANUAL\ESPRX620\PQU_G\DOCUNINS.EXE
Evernote-->C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
eWallet 6.0 for Windows PCs-->"C:\Program Files\Ilium Software\eWallet\unins000.exe"
Family History Resource File Viewer 4.0-->MsiExec.exe /I{C08C47C2-E9EF-4357-B8FD-AD90FD2EF791}
FirmTools Duplicate Photo Finder 1-->C:\Program Files\FirmTools\DuplicateFinder\uninstall.exe
GENViewer version 1.23-->"C:\Program Files\MudCreek\GENViewer\unins000.exe"
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Smart Web Printing-->msiexec /i{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}
Integrated Webcam Driver (1.06.03.0309) -->C:\Windows\CtDrvIns.exe -uninstall -script OA001.uns -plugin OA001Pin.dll -pluginres OA001Pin.crl -nodisconprompt -langid 0x0409
ITECIR-->C:\Program Files\InstallShield Installation Information\{F6BB6248-C507-46FE-8A35-1B16F35E0441}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Legacy 7.0-->"C:\Legacy\UNWISE.EXE" /U "C:\Legacy\Install.log"
Legacy Charting 7.0-->"C:\Legacy\LegacyCharting7\unins000.exe"
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MozyHome Remote Backup-->MsiExec.exe /X{55141BD4-2115-4B14-8047-D809194E30BA}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PerfectDisk 2008-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x9 anything
Quicken 2001-->C:\Windows\IsUninst.exe -fC:\QUICKENW\Uninst.isu
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
RPS Burn-->MsiExec.exe /I{BB34B49B-7C29-4140-9E58-659DFFB48534}
RPS CRT-->MsiExec.exe /I{A5D4E41C-2583-46FE-9B99-62496F85C5F3}
RPS Diagnostic Utility-->MsiExec.exe /I{03E4915C-C563-4A37-9622-A5F975EFFCB9}
RPS Firewall-->MsiExec.exe /I{D488D3D4-3302-4EB3-BC2C-814428DAEB15}
RPS Ksdk-->MsiExec.exe /I{D76AC37C-40AE-49EB-B867-1C405C9485C1}
RPS ParentalControl-->MsiExec.exe /I{8213D6EA-F48B-4040-A088-6259751DEB0B}
RPS PerfectDiskStub-->MsiExec.exe /I{1B79FE5E-3100-4998-97A2-9CB717BFF5DE}
RPS PopupBlocker-->MsiExec.exe /I{F1BECAB5-C251-4019-88BC-FBD3668E526C}
RPS RpsCore-->MsiExec.exe /I{295D8CF2-661D-45B2-AD03-EBDF8E7368A9}
RPS SafeConnect-->MsiExec.exe /I{6EE21298-DEA5-4141-B8C8-E58737216134}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spell Check Anywhere-->"C:\Windows\Spell Check Anywhere\uninstall.exe" "/U:C:\Program Files\Spell Check Anywhere\Uninstall\uninstall.xml"
Spell Check Anywhere-->"C:\Windows\Spell Check Anywhere\uninstall.exe" "/U:C:\Program Files\Spell Check Anywhere\Uninstall\uninstall.xml"
SSC Service Utility v4.30-->"C:\Program Files\SSC Service Utility\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Virgin Broadband advisor 1.5.24-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard-->"C:\Program Files\InstallShield Installation Information\{0B0F82AB-5B9A-4B9F-96EF-74E1FD85F01F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Virtual Magnifying Glass v3.3.2-->"C:\Program Files\Virtual Magnifying Glass\unins000.exe"
VirtualDrive-->"C:\Program Files\FarStone\VirtualDrive\Setup.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wisdom-soft Set up ScreenHunter 5.1 Free-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\DLLSHARED\;C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\10.0\DLLSHARED\;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;C:\PROGRA~1\FARSTONE\VIRTUA~1\;C:\PROGRAM FILES\FARSTONE\VIRTUALDRIVE\VDP;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

katana
2009-09-05, 22:28
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Mary Young
2009-09-07, 02:11
Combofix Log

ComboFix 09-09-05.03 - mary 06/09/2009 15:30.1.2 - NTFSx86
Running from: c:\users\mary\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2180953605-3230386385-460663618-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\users\mary\Documents\ZbThumbnail.info
c:\windows\system32\oem8.inf
c:\windows\wpd99.drv

.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 14:43 . 2009-09-06 14:44 -------- d-----w- c:\users\mary\AppData\Local\temp
2009-09-06 14:43 . 2009-09-06 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-04 14:37 . 2009-09-04 14:40 -------- d-----w- C:\rsit
2009-08-31 16:06 . 2009-08-31 16:07 -------- d-----w- c:\program files\Trend Micro
2009-08-31 15:59 . 2009-08-31 16:00 -------- d-----w- c:\program files\ERUNT
2009-08-31 13:22 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-31 01:13 . 2009-08-31 01:13 -------- d-----w- c:\program files\ESET
2009-08-30 12:30 . 2009-08-30 12:30 -------- d-----w- c:\temp\MotoConnectTemp
2009-08-30 12:30 . 2009-08-30 12:30 -------- d-----w- C:\Temp
2009-08-24 00:13 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-24 00:13 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-24 00:13 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-24 00:13 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-24 00:13 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-24 00:13 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-24 00:13 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-24 00:13 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-24 00:13 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-24 00:13 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-24 00:13 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-24 00:13 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-24 00:12 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-24 00:12 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-24 00:12 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-24 00:12 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-24 00:00 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-23 22:28 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-23 22:18 . 2009-08-23 22:18 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-23 22:18 . 2009-08-23 22:27 -------- d-----w- c:\programdata\Lavasoft
2009-08-23 22:18 . 2009-08-23 22:18 -------- d-----w- c:\program files\Lavasoft
2009-08-23 22:00 . 2009-08-23 22:01 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2009-08-23 21:09 . 2009-08-23 21:09 150 ----a-w- C:\Delme.bat
2009-08-23 18:37 . 2009-08-23 18:37 -------- d-----w- c:\program files\Sony Ericsson
2009-08-23 13:00 . 2009-09-05 17:55 15984672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-23 12:51 . 2008-08-28 12:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-08-23 12:51 . 2009-08-23 12:51 -------- d-----w- c:\programdata\Raxco
2009-08-23 12:51 . 2009-08-23 12:51 -------- d-----w- c:\program files\Raxco
2009-08-09 11:56 . 2009-08-09 11:56 -------- d-----w- c:\programdata\VirginMedia
2009-08-09 11:56 . 2009-08-09 11:57 -------- d-----w- c:\users\mary\AppData\Local\VirginMedia
2009-08-08 19:29 . 2009-08-28 23:21 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 17:55 . 2009-08-23 13:00 214436 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 17:55 . 2009-08-02 19:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-31 14:28 . 2009-03-31 06:53 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-31 14:21 . 2009-08-03 22:09 -------- d-----w- c:\program files\Uniblue
2009-08-31 13:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-28 23:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-28 23:18 . 2009-08-03 23:25 -------- d-----w- c:\users\mary\AppData\Roaming\MudCreek
2009-08-28 23:18 . 2009-05-25 20:40 -------- d-----w- c:\users\mary\AppData\Roaming\Smart Panel
2009-08-28 23:18 . 2009-04-12 01:59 -------- d-----w- c:\users\mary\AppData\Roaming\pdf995
2009-08-28 23:15 . 2009-03-31 07:08 -------- d-----w- c:\program files\Dell Video Chat
2009-08-28 23:15 . 2009-03-31 07:16 -------- d-----w- c:\program files\Dell DataSafe Online
2009-08-28 23:15 . 2009-03-31 07:12 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-08-28 23:15 . 2009-03-31 07:11 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-28 23:15 . 2009-03-31 07:11 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-28 23:15 . 2009-04-16 11:37 -------- d-----w- c:\program files\CCleaner
2009-08-28 23:15 . 2009-04-28 00:12 -------- d-----w- c:\program files\Adr_Book 5.8f
2009-08-28 23:15 . 2009-04-11 02:32 -------- d-----w- c:\program files\Bonjour
2009-08-28 23:15 . 2009-04-11 02:31 -------- d-----w- c:\program files\Apple Software Update
2009-08-28 23:15 . 2009-04-12 13:43 -------- d-----w- c:\program files\7-Zip
2009-08-28 13:56 . 2009-08-03 22:10 -------- d-----w- c:\users\mary\AppData\Roaming\uniblue
2009-08-23 12:55 . 2009-04-08 14:53 -------- d-----w- c:\users\mary\AppData\Roaming\Virgin Broadband
2009-08-06 11:21 . 2009-08-06 11:21 -------- d-----w- c:\program files\iPod
2009-08-06 11:21 . 2009-04-11 02:30 -------- d-----w- c:\program files\Common Files\Apple
2009-08-05 00:44 . 2009-08-05 00:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-08-05 00:33 . 2009-08-05 00:33 -------- d-----w- c:\program files\Motorola
2009-08-05 00:33 . 2009-08-05 00:33 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-08-03 23:25 . 2009-08-03 23:02 -------- d-----w- c:\program files\MudCreek
2009-08-02 09:11 . 2009-08-02 09:02 -------- d-----w- c:\programdata\Roxio
2009-08-02 09:02 . 2009-08-02 09:02 -------- d-----w- c:\users\mary\AppData\Roaming\Roxio
2009-08-02 08:48 . 2009-03-31 06:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 18:49 . 2009-07-31 18:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-30 18:17 . 2009-07-05 10:42 -------- d-----w- c:\program files\Coupon Printer
2009-07-30 17:17 . 2009-07-30 16:02 -------- d-----w- c:\program files\UltraVNC
2009-07-30 16:53 . 2009-04-12 01:56 -------- d-----w- c:\program files\pdf995
2009-07-30 16:14 . 2009-07-30 16:14 -------- d-----w- c:\users\mary\AppData\Roaming\UltraVNC
2009-07-29 10:14 . 2009-07-28 23:12 -------- d-----w- c:\programdata\NOS
2009-07-29 10:14 . 2009-07-28 23:12 -------- d-----w- c:\program files\NOS
2009-07-28 10:56 . 2009-04-12 02:03 -------- d-----w- c:\program files\Foxit Software
2009-07-18 16:06 . 2009-07-31 18:43 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-31 18:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-31 18:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 00:17 . 2009-06-20 01:51 -------- d-----w- c:\users\mary\AppData\Roaming\ZoomBrowser EX
2009-07-15 15:24 . 2009-06-20 01:39 -------- d-----w- c:\programdata\ZoomBrowser
2009-07-14 00:30 . 2009-04-18 11:56 -------- d-----w- c:\users\mary\AppData\Roaming\ArcSoft
2009-07-07 19:03 . 2009-04-07 11:34 96512 ----a-w- c:\users\mary\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-05 10:42 . 2009-07-05 10:42 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-06-24 14:03 . 2009-07-21 15:04 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-15 15:24 . 2009-07-31 18:43 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-31 18:43 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-31 18:43 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-31 18:43 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-03-31 07:05 . 2009-03-31 07:05 75 --sh--r- c:\windows\CT4CET.bin
2009-03-31 16:04 . 2009-03-31 15:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 14:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 14:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 200704]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QAGENT"="c:\quickenw\QAGENT.EXE" [2001-05-24 94208]
"VirtualDrive"="c:\program files\FarStone\VirtualDrive\VDTask.exe" [2008-11-06 166416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FsVdInstReboot"="1 (0x1)" [X]
"FsVdUnReboot"="1 (0x1)" [X]

c:\users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-2 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-31 07:12 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^mary^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{211F86A7-0471-4DD2-A774-3FD3B7810430}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{C2F026BF-1B55-40FA-B044-70C0BE013DE0}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
"{406DEA51-9084-4810-80D9-A1059548F926}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{4DB5D4B0-B342-49D5-A971-5BFDA79F83DD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{F793D573-DE60-42A1-81D9-74BB1ED5D0B2}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D14A772D-C081-40C5-AAD9-04E78162B766}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{9438353C-F2F9-466E-8F85-F8F009A2E75F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{DA092758-8E5D-4FFB-8F04-35C60C3783BD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4044CCF1-659C-4DC8-B7DE-3A768013F393}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6DAEB346-6B05-4E9A-9C26-D8098700EEBF}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{99B887C0-FC0D-4D8E-A393-1AFB880FD157}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{58B11A29-BB5B-4B81-80D6-3B58E1429787}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B155176C-A9F5-4AD7-8B90-5D7F5D840B90}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 gupdate1c9feea2266e062;Google Update Service (gupdate1c9feea2266e062);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]
R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [x]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
R3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [2009-08-23 175184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 mozyFilter;mozyFilter;c:\windows\system32\DRIVERS\mozy.sys [2009-06-24 54776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S2 mrtRate;mrtRate; [x]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
S2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-21 112128]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-08-25 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-08-25 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-07 10:01]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 10:02]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 10:02]

2009-09-06 c:\windows\Tasks\User_Feed_Synchronization-{A8E66DFD-AAA5-4671-A5D5-A2034C5DD4FD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Wdf01000.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.google.com/mail/#inbox
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\j5rm60x2.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\j5rm60x2.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 15:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-06 15:49
ComboFix-quarantined-files.txt 2009-09-06 14:49

Pre-Run: 113,047,838,720 bytes free
Post-Run: 135,385,751,552 bytes free

278 --- E O F --- 2009-08-31 13:23

Mary Young
2009-09-07, 02:13
Malwarebytes Log

Malwarebytes' Anti-Malware 1.40
Database version: 2748
Windows 6.0.6001 Service Pack 1

07/09/2009 00:03:55
mbam-log-2009-09-07 (00-03-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 339591
Time elapsed: 4 hour(s), 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

katana
2009-09-07, 10:57
There is no obvious sign of infection that would be causing your issues. Does the problem still occur?

Mary Young
2009-09-07, 12:22
Alas, there seems no change.
PCGuard AV takes 10 minutes to load!
Can't multi-task without something freezing up.
Sometimes when hovering on the Taskbar I get the Hourglass and can't maximise files by clicking; but they open easily with Task Manager/Switch to.
Should I test System Restore (a new point was set by Combofix)?
Thanks for your input.

katana
2009-09-08, 10:23
There is no malware that would be causing your problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.


----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png





OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
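
The six Internet-zone settings listed in the post above can be checked from PowerShell instead of clicking through the Custom Level dialog. This is an added example, not part of the original thread: it assumes the standard per-user zone key and Microsoft's documented URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607), and it only reads the registry.

```powershell
# Added example: audit the IE Internet zone (zone 3) against the settings
# recommended in the post. Read-only; nothing is changed.
# Assumption: settings are per-user (HKCU). A Group Policy copy under
# HKLM/HKCU ...\Policies\... takes precedence and is not inspected here.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action values used by the zone settings
$policyNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action ID -> setting name and the value recommended in the post
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneAudit {
    param([string]$Path = $zoneKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($e in $expected) {
        $actual = $props.($e.Id)          # $null when the value is absent
        if ($null -eq $actual) {
            $state = 'not set'
        } elseif ($policyNames.ContainsKey([int]$actual)) {
            $state = $policyNames[[int]$actual]
        } else {
            $state = "other ($actual)"
        }
        [pscustomobject]@{
            Setting     = $e.Name
            Current     = $state
            Recommended = $policyNames[$e.Want]
            Match       = ($null -ne $actual -and [int]$actual -eq $e.Want)
        }
    }
}

Get-ZoneAudit | Format-Table -AutoSize
```

Any row with `Match` set to False is a setting that still differs from the list in the post.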

Mary Young
2009-09-10, 02:17
Hi Katana
Thanks for all your help and good advice. It's reassuring to know my logs are clean! I will seek further help on another Forum.