My Way--laptop and desktop infected (Resolved)

[Veggedout]

A month ago, I was able to rid my desktop of the myway muck. (it was not easy). I have had clean scans since.(although now the laptop is infected...we'll worry about that later).
I believe I still have a problem, as software is crashing now with missing registry keys. Itunes, McAfee both crashed several times and had to reinstall numerous times. System is extremely closed. Delay in opening and closing boxes. I did a system restore yesterday. (bad).
I'm not as skilled as most people here...if I need to scrap this bad boy, I suppose I will. (Dell XPS 1 yr old) It's been like the cat in the hat...fix one thing, another crashes.

Here's the HJ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:48 AM, on 5/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DSS] C:\Windows\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus CX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /FU "C:\Windows\TEMP\E_S42A5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-139897504-4062219054-472764904-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://mail.finishedbasement.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://p.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: McAfee Application Installer Cleanup (0258771241157994) (0258771241157994mcinstcleanup) - McAfee, Inc. - C:\Users\Wendy\AppData\Local\Temp\025877~1.EXE
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11967 bytes

 

[katana]

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. Please Read All Instructions Carefully
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you
4. Failure to reply within 5 days will result in the topic being closed.
5. Please continue to respond until I give you the "All Clear"
   (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

There is no obvious sign of infection, but let's take a deeper look.

Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

 

[Veggedout]

your request...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Wendy at 2009-05-02 23:13:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 162 GB (55%) free of 295 GB
Total RAM: 2037 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:29 PM, on 5/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Wendy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Wendy.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DSS] C:\Windows\BBStore\DSS\dssagent.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EPSON Stylus CX4200 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /FU "C:\Windows\TEMP\E_S42A5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-139897504-4062219054-472764904-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://mail.finishedbasement.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://p.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: McAfee Application Installer Cleanup (0258771241157994) (0258771241157994mcinstcleanup) - McAfee, Inc. - C:\Users\Wendy\AppData\Local\Temp\025877~1.EXE
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12122 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-03-25 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
""= []
"CCUTRAYICON"=FactoryMode []
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-02-13 16384]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DSS"=C:\Windows\BBStore\DSS\dssagent.exe []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-02-09 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-02-09 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-02-09 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"EPSON Stylus CX4200 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE [2007-01-19 177664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-25 443968]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2007-10-18 479232]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-09 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9025a511-08e2-11dd-98f3-001cc03d8e3d}]
shell\AutoRun\command - F:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0fe561-294b-11dd-90bf-001cc03d8e3d}]
shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b608c8b1-bf1c-11dd-be8d-001cc03d8e3d}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e51c8006-2b2f-11de-bdd0-001cc03d8e3d}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-02 23:13:02 ----D---- C:\rsit
2009-05-01 08:10:09 ----D---- C:\Program Files\Trend Micro
2009-05-01 07:51:44 ----D---- C:\Program Files\ERUNT
2009-05-01 00:51:14 ----D---- C:\Windows\pss
2009-05-01 00:08:50 ----A---- C:\Windows\system32\dunzip32.dll
2009-05-01 00:06:17 ----D---- C:\Program Files\McAfee.com
2009-05-01 00:06:14 ----D---- C:\Program Files\Common Files\McAfee
2009-05-01 00:06:13 ----D---- C:\Program Files\McAfee
2009-04-30 23:59:33 ----D---- C:\ProgramData\McAfee
2009-04-30 23:00:07 ----D---- C:\mfe
2009-04-30 22:29:43 ----D---- C:\ProgramData\Citrix
2009-04-30 20:31:20 ----A---- C:\Windows\system32\EncDec.dll
2009-04-30 20:31:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-04-30 18:16:08 ----D---- C:\Users\Wendy\AppData\Roaming\McAfee
2009-04-30 17:37:02 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-30 17:37:01 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-30 17:37:01 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-30 17:37:01 ----A---- C:\Windows\system32\icardres.dll
2009-04-30 17:37:01 ----A---- C:\Windows\system32\icardagt.exe
2009-04-30 17:37:00 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-30 17:36:59 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-30 17:32:19 ----A---- C:\Windows\system32\dfshim.dll
2009-04-30 17:32:15 ----A---- C:\Windows\system32\mscoree.dll
2009-04-30 17:32:13 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-30 17:32:00 ----A---- C:\Windows\system32\mscorier.dll
2009-04-30 17:31:57 ----A---- C:\Windows\system32\mscories.dll
2009-04-30 17:31:03 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-30 17:31:03 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-30 17:31:03 ----A---- C:\Windows\system32\ieui.dll
2009-04-30 17:31:03 ----A---- C:\Windows\system32\icardie.dll
2009-04-30 17:31:03 ----A---- C:\Windows\system32\admparse.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\msls31.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\imgutil.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\iernonce.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-30 17:31:02 ----A---- C:\Windows\system32\corpol.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-30 17:31:01 ----A---- C:\Windows\system32\wextract.exe
2009-04-30 17:31:01 ----A---- C:\Windows\system32\webcheck.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\occache.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\mstime.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\msrating.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-30 17:31:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\inseng.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\iesetup.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\iepeers.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\ieakui.dll
2009-04-30 17:31:01 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\vbscript.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\url.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\jscript.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-30 17:31:00 ----A---- C:\Windows\system32\advpack.dll
2009-04-30 17:30:59 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\mshta.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\iexpress.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-30 17:30:59 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-30 17:30:59 ----A---- C:\Windows\system32\iertutil.dll
2009-04-30 17:30:59 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-30 17:30:58 ----A---- C:\Windows\system32\wininet.dll
2009-04-30 17:30:58 ----A---- C:\Windows\system32\urlmon.dll
2009-04-30 17:30:57 ----A---- C:\Windows\system32\mshtml.dll
2009-04-30 17:30:57 ----A---- C:\Windows\system32\ieframe.dll
2009-04-30 14:41:17 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-04-30 14:41:17 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-04-30 14:40:18 ----D---- C:\Users\Wendy\AppData\Roaming\GetRightToGo
2009-04-30 13:32:42 ----D---- C:\Program Files\SigmaTel(896)
2009-04-29 10:29:50 ----D---- C:\Program Files\Intel Corporation
2009-04-29 09:31:46 ----D---- C:\Users\Wendy\AppData\Roaming\ParetoLogic
2009-04-29 09:31:16 ----D---- C:\ProgramData\ParetoLogic
2009-04-29 09:31:16 ----D---- C:\Program Files\ParetoLogic
2009-04-29 09:31:16 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-04-29 09:24:52 ----D---- C:\Windows\system32\Profiles
2009-04-29 00:34:43 ----D---- C:\Program Files\RegCure
2009-04-19 13:55:40 ----A---- C:\Windows\system32\WAVMIX32.DLL
2009-04-19 13:55:40 ----A---- C:\Windows\system32\RoboEx32.dll
2009-04-19 13:55:40 ----A---- C:\Windows\system32\MSCmCDE.dll
2009-04-19 13:55:40 ----A---- C:\Windows\system32\INetWH32.dll
2009-04-19 13:55:37 ----D---- C:\ProgramData\Individual Software
2009-04-19 13:55:37 ----D---- C:\Program Files\Typing Instructor Deluxe
2009-04-19 13:55:37 ----A---- C:\Windows\system32\vbar332.dll
2009-04-16 11:01:42 ----D---- C:\Program Files\XnView
2009-04-16 10:36:05 ----D---- C:\Users\Wendy\AppData\Roaming\XnView
2009-04-16 09:19:42 ----D---- C:\Users\Wendy\AppData\Roaming\Home Designer Suite 8.0
2009-04-16 09:19:21 ----A---- C:\Windows\system32\tsccvid.dll
2009-04-16 09:04:47 ----D---- C:\Program Files\Chief Architect Inc
2009-04-16 04:00:31 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 04:00:29 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 04:00:29 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 04:00:25 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 04:00:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 04:00:24 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 04:00:22 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 04:00:21 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 04:00:21 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 04:00:21 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 04:00:21 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 04:00:19 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 04:00:19 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 04:00:14 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 04:00:13 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 04:00:11 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 04:00:10 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 04:00:10 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 01:20:05 ----D---- C:\Program Files\Enigma Software Group
2009-04-16 01:00:36 ----D---- C:\Windows\ERDNT
2009-04-11 11:57:25 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-11 11:57:12 ----D---- C:\Program Files\iPod
2009-04-11 11:57:11 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 11:57:11 ----D---- C:\Program Files\iTunes
2009-04-09 08:53:45 ----D---- C:\ProgramData\Oberon Games
2009-04-07 07:31:45 ----A---- C:\Windows\wininit.ini
2009-04-04 15:49:06 ----D---- C:\Users\Wendy\AppData\Roaming\Flood Light Games
2009-04-04 15:49:06 ----D---- C:\ProgramData\Flood Light Games

======List of files/folders modified in the last 1 months======

2009-05-02 23:13:17 ----D---- C:\Windows\Prefetch
2009-05-02 23:13:08 ----D---- C:\Windows\Temp
2009-05-02 13:29:27 ----SHD---- C:\Windows\Installer
2009-05-02 13:29:06 ----SHD---- C:\System Volume Information
2009-05-01 08:10:09 ----RD---- C:\Program Files
2009-05-01 00:51:14 ----D---- C:\Windows
2009-05-01 00:09:18 ----D---- C:\Windows\System32
2009-05-01 00:08:21 ----D---- C:\Windows\system32\drivers
2009-05-01 00:06:29 ----D---- C:\Windows\Tasks
2009-05-01 00:06:29 ----D---- C:\Windows\system32\Tasks
2009-05-01 00:06:14 ----D---- C:\Program Files\Common Files
2009-04-30 23:59:33 ----HD---- C:\ProgramData
2009-04-30 23:57:09 ----RD---- C:\Users
2009-04-30 23:42:08 ----D---- C:\Windows\winsxs
2009-04-30 23:02:15 ----ASH---- C:\Program Files\desktop.ini
2009-04-30 22:00:06 ----D---- C:\Windows\system32\catroot2
2009-04-30 20:40:37 ----D---- C:\Windows\Microsoft.NET
2009-04-30 20:40:21 ----RSD---- C:\Windows\assembly
2009-04-30 20:32:04 ----D---- C:\Windows\system32\catroot
2009-04-30 20:32:02 ----D---- C:\Program Files\Windows Mail
2009-04-30 20:31:48 ----D---- C:\Windows\ehome
2009-04-30 20:27:30 ----D---- C:\ProgramData\Microsoft Help
2009-04-30 18:16:48 ----SD---- C:\Windows\Downloaded Program Files
2009-04-30 18:10:48 ----D---- C:\Windows\rescache
2009-04-30 17:46:14 ----D---- C:\Windows\system32\XPSViewer
2009-04-30 17:46:14 ----D---- C:\Windows\system32\wbem
2009-04-30 17:46:14 ----D---- C:\Windows\system32\en-US
2009-04-30 17:46:12 ----D---- C:\Windows\system32\migration
2009-04-30 17:46:12 ----D---- C:\Windows\PolicyDefinitions
2009-04-30 17:46:12 ----D---- C:\Program Files\Internet Explorer
2009-04-30 17:43:36 ----RSD---- C:\Windows\Fonts
2009-04-30 17:43:33 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-30 17:43:17 ----D---- C:\Program Files\Microsoft Works
2009-04-30 17:42:03 ----A---- C:\Windows\win.ini
2009-04-30 17:42:02 ----D---- C:\Program Files\Common Files\System
2009-04-30 17:02:23 ----D---- C:\Windows\system32\config
2009-04-30 17:01:55 ----D---- C:\Windows\system32\spool
2009-04-30 17:01:55 ----D---- C:\Windows\system32\Msdtc
2009-04-30 17:01:54 ----D---- C:\Windows\system32\CodeIntegrity
2009-04-30 17:01:54 ----D---- C:\Windows\inf
2009-04-30 17:01:46 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-30 17:01:46 ----AHD---- C:\ProgramData\GTek
2009-04-30 17:01:45 ----D---- C:\Program Files\SigmaTel
2009-04-30 17:01:45 ----D---- C:\Program Files\NetWaiting
2009-04-30 17:01:44 ----D---- C:\Program Files\Intel
2009-04-30 17:01:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-30 17:01:30 ----D---- C:\Windows\registration
2009-04-30 13:58:46 ----D---- C:\Users\Wendy\AppData\Roaming\U3
2009-04-29 01:10:01 ----SD---- C:\ProgramData\Microsoft
2009-04-27 20:58:17 ----D---- C:\Program Files\PlayFirst
2009-04-27 16:08:49 ----D---- C:\Users\Wendy\AppData\Roaming\PlayFirst
2009-04-26 17:25:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-21 17:02:23 ----D---- C:\ProgramData\PlayFirst
2009-04-19 13:55:40 ----D---- C:\Windows\system
2009-04-17 03:11:43 ----D---- C:\Windows\system32\manifeststore
2009-04-17 03:11:43 ----D---- C:\Windows\AppPatch
2009-04-16 20:09:42 ----D---- C:\Windows\system32\Macromed
2009-04-16 09:50:09 ----D---- C:\Program Files\3D Home Design Suite
2009-04-15 22:55:06 ----D---- C:\Windows\system32\ias
2009-04-15 18:20:06 ----D---- C:\Windows\ModemLogs
2009-04-11 11:57:24 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-11 11:57:11 ----D---- C:\Program Files\Common Files\Apple
2009-04-07 07:36:51 ----D---- C:\Program Files\Picasa2
2009-04-06 22:20:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 08:57:24 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 mozyFilter;mozyFilter; C:\Windows\system32\DRIVERS\mozy.sys [2008-11-17 53752]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-07-11 214912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-02-19 984576]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-02-19 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-09 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-03-25 5504]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-02-19 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-03-25 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2008-11-17 87352]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0258771241157994mcinstcleanup;McAfee Application Installer Cleanup (0258771241157994); C:\Users\Wendy\AppData\Local\Temp\025877~1.EXE [2008-10-23 315264]
S2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-02 23:13:33

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
926plv32-->MsiExec.exe /I{0FA7B858-E0E1-400B-B5C0-1285F7D6FE5E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bonus Content - Dining Room Items December 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D4398D5-2956-4751-A549-B3FD566B02D5}\setup.exe" -l0x9 -removeonly
Bonus Content - Home Theater Items-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FE9FB0F-A112-442C-8772-98A971C14657}\setup.exe" -l0x9 -removeonly
Bonus Content - Landscape Beds-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E48A46FD-4C82-4ADB-9588-0B2311A77A21}\setup.exe" -l0x9 -removeonly
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Chocolatier - Decadence by Design-->C:\PROGRA~2\PLAYFI~1\Games\CHOCOL~3\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\CHOCOL~3\INSTALL.LOG
Chocolatier 2 Secret Ingredients-->C:\PROGRA~2\PLAYFI~1\Games\CHOCOL~2\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\CHOCOL~2\INSTALL.LOG
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\UIU32m.exe -U -IDellHDAz.inf
Cooking Dash-->C:\PROGRA~2\PLAYFI~1\Games\COOKIN~1\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\COOKIN~1\INSTALL.LOG
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Diner Dash - Flo on the Go-->C:\PROGRA~1\PLAYFI~1\DINERD~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DINERD~1\INSTALL.LOG
Diner Dash 2-->C:\PROGRA~2\PLAYFI~1\Games\DINERD~2\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\DINERD~2\INSTALL.LOG
Dream Day First Home-->"C:\Program Files\Best Buy Games\Dream Day First Home\unins000.exe"
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fee Fi Flo Fun (Diner Dash Hometown Hero - Gourmet)-->C:\PROGRA~2\PLAYFI~1\Games\DINERD~1\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\DINERD~1\INSTALL.LOG
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
GourMania-->C:\PROGRA~1\PLAYFI~1\GOURMA~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\GOURMA~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Sweet Home 2-->C:\PROGRA~1\PLAYFI~1\HOMESW~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\HOMESW~1\INSTALL.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) PRO Network Connections 11.2.1.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
Intel(R) PRO Network Connections 11.2.1.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
Intel(R) Viiv(TM) Software-->MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JoJo's Fashion Show 2-->C:\PROGRA~1\PLAYFI~1\JOJO'S~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\JOJO'S~1\INSTALL.LOG
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Zoo Tycoon-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
MozyHome Remote Backup-->MsiExec.exe /X{3EB90211-5E1E-42A6-9C27-E42C4771F7DC}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
SCION OEL Screensaver Studio-->MsiExec.exe /I{D0EAC922-C2B8-4DC7-A030-A53B8EC0C5D5}
Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Great Chocolate Chase-->C:\PROGRA~2\PLAYFI~1\Games\GREATC~1\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\GREATC~1\INSTALL.LOG
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Typing Instructor Deluxe-->C:\Program Files\Typing Instructor Deluxe\unwise.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
WMC - A Darker Shade of Grey-->C:\PROGRA~2\PLAYFI~1\Games\WOMENS~1\UNWISE.EXE C:\PROGRA~2\PLAYFI~1\Games\WOMENS~1\INSTALL.LOG
XnView 1.96-->"C:\Program Files\XnView\unins000.exe"

======Hosts File======

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Wendy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC03D8E3D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 76442
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090502090012.000000-000
Event Type: Warning
User:

Computer Name: Wendy-PC
Event Code: 10000
Message: Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error:
"740"
Happened while starting this command:
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding
Record Number: 76445
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090502090018.000000-000
Event Type: Error
User:

Computer Name: Wendy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC03D8E3D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 76465
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090502192845.000000-000
Event Type: Warning
User:

Computer Name: Wendy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC03D8E3D. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 76495
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090502214204.000000-000
Event Type: Warning
User:

Computer Name: Wendy-PC
Event Code: 225
Message: The application \Device\HarddiskVolume3\Windows\explorer.exe with process id 2012 stopped the removal or ejection for the device USB\VID_0781&PID_5406\3512300CEAC2A0CC.
Record Number: 76520
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20090503035531.499800-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Wendy-PC
Event Code: 1001
Message: Detection of product '{30465B6C-B53F-49A1-9EBA-A3F187AD502E}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'
Record Number: 16854
Source Name: MsiInstaller
Time Written: 20090502192853.000000-000
Event Type: Warning
User: Wendy-PC\Wendy

Computer Name: Wendy-PC
Event Code: 1004
Message: Detection of product '{30465B6C-B53F-49A1-9EBA-A3F187AD502E}', feature 'SoleFeature', component '{B7195B4D-220F-4055-B216-675DFB956538}' failed. The resource 'C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll' does not exist.
Record Number: 16855
Source Name: MsiInstaller
Time Written: 20090502192854.000000-000
Event Type: Warning
User: Wendy-PC\Wendy

Computer Name: Wendy-PC
Event Code: 1001
Message: Detection of product '{30465B6C-B53F-49A1-9EBA-A3F187AD502E}', feature 'SoleFeature' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'
Record Number: 16856
Source Name: MsiInstaller
Time Written: 20090502192854.000000-000
Event Type: Warning
User: Wendy-PC\Wendy

Computer Name: Wendy-PC
Event Code: 8193
Message: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8515a673-3d45-446a-806b-efdb47861620}
Record Number: 16858
Source Name: VSS
Time Written: 20090502192900.000000-000
Event Type: Error
User:

Computer Name: Wendy-PC
Event Code: 11706
Message: Product: Roxio Update Manager -- Error 1706. An installation package for the product Roxio Update Manager cannot be found. Try the installation again using a valid copy of the installation package 'UM.MSI'.
Record Number: 16860
Source Name: MsiInstaller
Time Written: 20090502192926.000000-000
Event Type: Error
User: Wendy-PC\Wendy

=====Security event log=====

Computer Name: Wendy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 25862
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090503051326.443800-000
Event Type: Audit Failure
User:

Computer Name: Wendy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 25863
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090503051326.490600-000
Event Type: Audit Failure
User:

Computer Name: Wendy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 25864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090503051326.537400-000
Event Type: Audit Failure
User:

Computer Name: Wendy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 25865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090503051326.568600-000
Event Type: Audit Failure
User:

Computer Name: Wendy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 25866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090503051326.599800-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

 

[katana]

I apologise for the delay, for some reason the forum thinks you haven't posted ???
( if I haven't replied within 24 hours, PM me ! )

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
• If requested, please reboot
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

• You must download it to and run it from your Desktop
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply
• Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

 

[Veggedout]

mbam log...

I thought you must be busy. Here's the mbam, I will run the other and send you the log file shortly.



MBam:
Malwarebytes' Anti-Malware 1.36
Database version: 2108
Windows 6.0.6001 Service Pack 1

5/11/2009 10:19:16 AM
mbam-log-2009-05-11 (10-19-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 299508
Time elapsed: 1 hour(s), 48 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Veggedout]

combofix results

combofix log:
ComboFix 09-05-10.07 - Wendy 05/11/2009 10:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1097 [GMT -6:00]
Running from: c:\users\Wendy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MSCmCDE.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 14:13 . 2009-05-11 14:13 -------- d-----w c:\users\Wendy\AppData\Roaming\Malwarebytes
2009-05-11 14:13 . 2009-04-06 21:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-11 14:13 . 2009-04-06 21:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 14:13 . 2009-05-11 14:13 -------- d-----w c:\programdata\Malwarebytes
2009-05-11 14:13 . 2009-05-11 14:13 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-11 14:13 . 2009-05-11 16:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 05:48 . 2009-05-03 05:48 -------- d-----w c:\windows\system32\IOSUBSYS
2009-05-03 05:13 . 2009-05-03 05:13 -------- d-----w C:\rsit
2009-05-01 14:10 . 2009-05-01 14:10 -------- d-----w c:\program files\Trend Micro
2009-05-01 13:51 . 2009-05-01 13:52 -------- d-----w c:\program files\ERUNT
2009-05-01 06:08 . 2006-03-03 14:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-05-01 06:06 . 2007-11-22 12:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-05-01 06:06 . 2007-12-02 18:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-05-01 06:06 . 2007-11-22 12:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-01 06:06 . 2007-11-22 12:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-01 06:06 . 2007-11-22 12:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-05-01 06:06 . 2007-07-13 12:21 125728 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-05-01 06:06 . 2009-05-01 06:06 -------- d-----w c:\program files\McAfee.com
2009-05-01 06:06 . 2009-05-01 06:06 -------- d-----w c:\program files\Common Files\McAfee
2009-05-01 06:06 . 2009-05-01 06:09 -------- d-----w c:\program files\McAfee
2009-05-01 05:59 . 2009-05-01 06:09 -------- d-----w c:\programdata\McAfee
2009-05-01 05:59 . 2009-05-01 06:09 -------- d-----w c:\users\All Users\McAfee
2009-05-01 05:00 . 2009-05-01 05:00 -------- d-----w C:\mfe
2009-05-01 04:29 . 2009-05-01 04:29 -------- d-----w c:\programdata\Citrix
2009-05-01 04:29 . 2009-05-01 04:29 -------- d-----w c:\users\All Users\Citrix
2009-05-01 04:22 . 2009-05-01 04:22 -------- d-----w c:\users\Wendy\AppData\Local\Citrix
2009-05-01 04:22 . 2009-05-01 04:22 61224 ----a-w c:\users\Wendy\GoToAssistDownloadHelper.exe
2009-05-01 02:31 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-05-01 02:31 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-05-01 00:16 . 2009-05-01 00:16 -------- d-----w c:\users\Wendy\AppData\Roaming\McAfee
2009-04-30 23:37 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-30 23:37 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-30 23:37 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-30 23:37 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-30 23:37 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-30 23:37 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-30 23:36 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-30 23:32 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-30 23:32 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-30 23:32 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-30 23:32 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-30 23:30 . 2009-03-08 11:31 45568 ----a-w c:\windows\system32\mshta.exe
2009-04-30 20:41 . 2009-04-30 20:41 -------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-04-30 20:41 . 2009-04-30 20:41 -------- d-----w c:\users\All Users\PC Drivers HeadQuarters
2009-04-30 20:41 . 2009-04-30 20:41 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-04-30 20:40 . 2009-04-30 20:40 -------- d-----w c:\users\Wendy\AppData\Local\Downloaded Installations
2009-04-30 20:40 . 2009-04-30 20:43 -------- d-----w c:\users\Wendy\AppData\Roaming\GetRightToGo
2009-04-30 19:32 . 2009-04-30 19:32 -------- d-----w c:\program files\SigmaTel(896)
2009-04-29 16:29 . 2009-04-29 16:29 -------- d-----w c:\program files\Intel Corporation
2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\users\Wendy\AppData\Roaming\ParetoLogic
2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\programdata\ParetoLogic
2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\users\All Users\ParetoLogic
2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-29 15:31 . 2009-04-29 15:31 -------- d-----w c:\program files\ParetoLogic
2009-04-29 15:24 . 2009-04-29 15:24 -------- d-----w c:\windows\system32\Profiles
2009-04-29 06:34 . 2009-04-29 06:41 -------- d-----w c:\program files\RegCure
2009-04-19 19:55 . 1994-08-24 07:00 188960 ----a-w c:\windows\system\wingde.dll
2009-04-19 19:55 . 1994-09-21 07:00 92208 ----a-w c:\windows\system\wing.dll
2009-04-19 19:55 . 1995-12-15 01:32 26112 ----a-w c:\windows\system\WAVMIX16.DLL
2009-04-19 19:55 . 1995-12-15 01:32 26112 ----a-w c:\windows\system\WAVEMIX.DLL
2009-04-19 19:55 . 1994-09-21 07:00 6736 ----a-w c:\windows\system\wingdib.drv
2009-04-19 19:55 . 2001-05-24 18:59 54784 ----a-w c:\windows\system32\INetWH32.dll
2009-04-19 19:55 . 2001-05-24 17:59 317952 ----a-w c:\windows\system32\RoboEx32.dll
2009-04-19 19:55 . 1997-07-30 16:46 49664 ----a-w c:\windows\system32\WAVMIX32.DLL
2009-04-19 19:55 . 2009-04-19 19:55 -------- d-----w c:\programdata\Individual Software
2009-04-19 19:55 . 2009-04-19 19:55 -------- d-----w c:\users\All Users\Individual Software
2009-04-19 19:55 . 2009-04-19 20:07 -------- d-----w c:\program files\Typing Instructor Deluxe
2009-04-19 19:55 . 1998-05-18 05:06 368912 ----a-w c:\windows\system32\vbar332.dll
2009-04-16 17:01 . 2009-04-16 17:01 -------- d-----w c:\program files\XnView
2009-04-16 16:36 . 2009-04-16 17:12 -------- d-----w c:\users\Wendy\AppData\Roaming\XnView
2009-04-16 15:19 . 2009-05-11 13:46 -------- d-----w c:\users\Wendy\AppData\Roaming\Home Designer Suite 8.0
2009-04-16 15:19 . 2006-05-01 03:10 102400 ----a-w c:\windows\system32\tsccvid.dll
2009-04-16 15:04 . 2009-04-16 15:47 -------- d-----w c:\program files\Chief Architect Inc
2009-04-16 07:20 . 2009-04-16 07:20 -------- d-----w c:\program files\Enigma Software Group
2009-04-16 05:22 . 2009-04-16 05:22 -------- d-----w c:\users\Wendy\AppData\Local\Dell
2009-04-11 17:57 . 2008-04-17 18:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-11 17:57 . 2009-03-19 22:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-11 17:57 . 2009-04-11 17:57 -------- d-----w c:\program files\iPod
2009-04-11 17:57 . 2009-04-11 17:57 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 17:57 . 2009-04-11 17:57 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 17:57 . 2009-04-11 17:57 -------- d-----w c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 05:48 . 2008-03-25 13:39 -------- d-----w c:\program files\Google
2009-05-01 05:02 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-05-01 02:32 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-30 23:53 . 2008-04-12 22:57 117696 ----a-w c:\users\Wendy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 23:43 . 2008-03-25 13:41 -------- d-----w c:\program files\Microsoft Works
2009-04-30 23:01 . 2008-11-30 20:11 -------- d-----w c:\program files\NetWaiting
2009-04-30 23:01 . 2008-11-30 20:08 -------- d-----w c:\program files\SigmaTel
2009-04-30 23:01 . 2008-03-25 13:28 -------- d-----w c:\program files\Intel
2009-04-30 23:01 . 2008-03-25 13:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 02:58 . 2008-11-22 01:18 -------- d-----w c:\program files\PlayFirst
2009-04-16 15:50 . 2008-04-14 00:06 -------- d-----w c:\program files\3D Home Design Suite
2009-04-11 17:57 . 2008-04-13 18:03 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 04:20 . 2008-08-15 13:08 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 03:38 . 2009-04-16 10:00 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 10:00 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 15:23 . 2009-03-15 15:23 -------- d-----w c:\program files\QuickTime
2009-03-15 15:21 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-15 15:21 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-15 15:21 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-15 15:18 . 2008-04-16 15:14 -------- d-----w c:\program files\Safari
2009-03-08 11:34 . 2009-04-30 23:30 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-04-30 23:31 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-04-30 23:31 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-04-30 23:30 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-04-30 23:30 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-30 23:30 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-30 23:30 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-30 23:30 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-30 23:30 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-30 23:31 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-04-30 23:31 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-04-30 23:31 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-04-30 23:31 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-04-30 23:30 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-04-30 23:31 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-04-30 23:31 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:22 . 2009-04-30 23:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 05:59 . 2009-03-06 05:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 05:59 . 2009-03-06 05:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 04:46 . 2009-04-16 10:00 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 10:00 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 10:00 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 10:00 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 10:00 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 10:00 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 10:00 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 10:00 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 10:00 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 10:00 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-13 08:49 . 2009-04-16 10:00 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 10:00 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-03-25 21:15 . 2008-03-25 21:02 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-11-17 06:32 3044664 ----a-w c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-11-17 06:32 3044664 ----a-w c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"EPSON Stylus CX4200 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2007-01-19 177664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-14 16384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-09 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-09 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-09 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]

c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-25 50688]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2008-11-17 2954552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{579C6B4D-0E98-4049-BD94-F93C24554BCC}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8325C370-759E-402C-A5FD-48B5EECCC946}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{47832217-864B-478A-B52E-B54E6672F7B4}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A84ABD56-2ECA-4967-8286-54761FAA7682}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{7F7774F1-89FA-46DA-A3EB-8AB8BAF7829C}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{FD32285E-B603-4F27-A8A9-71CD2ADC733E}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{008E6383-64DC-4F6E-81D9-374656BED912}"= TCProfile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{64EBBEE1-9662-4C18-84E4-82A1B748B338}"= TCProfile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{01A82133-3E46-49E5-A68E-8BD3BF4AEA69}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1847A28F-F6E9-4215-A4AE-49D61AA39A77}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4DBA1E3C-FA5D-4D00-8FBB-D76A59E4ABE4}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F5FB3B48-9A07-4DC2-8BE5-2879914574CB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF53E8A4-E1E7-474D-A82D-5C93421D975F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E70DD57-9C4D-4BCA-8AB0-67802FDCDC24}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{9555539E-E4C8-4170-9265-BC7A8FE9D301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C9A1354B-7375-468E-A82A-3587DE877299}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6E42A0C2-3F23-433C-B0E9-FB6761F597B2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F5856DE3-0E8F-477D-9AFD-A1AD69DB1D3C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DA0B2FA2-9727-4400-818E-2096D7637F9B}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{0F6FF513-B7C1-4F53-867B-7BCFB528FC74}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{592F830D-D8C7-4A70-8FB5-41F613ADA592}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{8DE890A7-BF90-4D5C-9074-6E0CE66F35F1}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{BA9D5F24-EBD3-4101-B90E-34B10E9D0491}"= UDProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{E05F2128-879A-4B1B-9C87-BD0D09C4F9CB}"= TCProfile=Private|Profile=Public:LocalSubnet:LocalSubnet|c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{CBBEFB64-1F0E-4AE9-BDE2-C5AEDD2AEE7B}"= TCProfile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{63422AF8-6C2B-4E22-9DA0-40289E3F7D20}"= TCProfile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{D9FF6F6F-5319-4915-88CA-793C1FFE65B6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D20328F1-55E4-4CDB-AE47-F07DB27A6B5D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D0B7E26D-7D6A-4923-B27A-4AC2E641991B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFF453D-6D4E-4CB8-998C-22E90F7F91D1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [11/30/2008 4:13 PM 53752]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [10/29/2006 10:03 AM 208896]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\System32\drivers\nmsgopro.sys [9/27/2006 3:37 PM 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [10/19/2006 4:49 PM 7424]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [3/25/2008 7:36 AM 5504]
S2 0258771241157994mcinstcleanup;McAfee Application Installer Cleanup (0258771241157994);c:\users\Wendy\AppData\Local\Temp\025877~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Wendy\AppData\Local\Temp\025877~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MFEAVFK
*NewlyCreated* - MFEBOPK
*NewlyCreated* - MFEHIDK
*NewlyCreated* - MFERKDK
*NewlyCreated* - MFESMFK

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - f:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9025a511-08e2-11dd-98f3-001cc03d8e3d}]
\shell\AutoRun\command - F:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0fe561-294b-11dd-90bf-001cc03d8e3d}]
\shell\AutoRun\command - f:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b608c8b1-bf1c-11dd-be8d-001cc03d8e3d}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-01 19:32]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-01 19:32]

2009-05-11 c:\windows\Tasks\User_Feed_Synchronization-{532FF140-2A09-42FF-8385-73441A00CE30}.job
- c:\windows\system32\msfeedssync.exe [2009-04-30 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: finishedbasement.com\mail
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} - hxxp://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://p.playfirst.com/play/game/chocolatier/ChocolatierWeb.1.0.0.13.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 10:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-139897504-4062219054-472764904-1001\Software\SecuROM\License information*]
"datasecu"=hex:fc,f5,f8,db,b6,60,c9,b7,f9,bb,c1,15,32,66,e9,13,6a,90,5d,e3,99,
db,6b,f2,89,d2,1e,26,be,13,30,00,36,56,09,5f,e3,cb,04,de,9a,a8,9b,7d,c0,c1,\
"rkeysecu"=hex:13,bc,65,e8,99,ca,9b,6c,d6,f6,b0,9e,31,58,74,dd

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-11 10:32
ComboFix-quarantined-files.txt 2009-05-11 16:32

Pre-Run: 168,137,830,400 bytes free
Post-Run: 168,175,321,088 bytes free

306 --- E O F --- 2009-05-11 09:00

 

[katana]

Well, there is very little showing there that would cause problems

We will do one last scan, and if that shows no problems then I suspect that the infection you had may have corrupted parts of your hard drive.

We can have a look at that if/when we need to

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

 

[Veggedout]

kaspersky problems

I apologize for my lack of know-how. I've run the kaspersky scan 5 times, saving it as a text file, and it disappears and restarts the scan. It did say that there was one bad thread: trojan-html. Maybe I need some additional instructions on running it as an admin...but I can't seem to get to the site when I do that.
Please don't give up on me.

 

[katana]

Please don't give up on me.

We don't give up until there is nothing left to try


Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan << LINK

• Click the Scan Now button
• Follow the prompts to install the Active X if necessary
• Go and make a cup of tea/coffee/beverage of your choice and watch some TV
• When the scan is finished, a report will be generated
• Next to Scan Details click the small export to notepad button and save the report to your desktop.
• Please post the report in your reply.

 

[Veggedout]

Active Scan Results

Here's the Active Scan Results. The format is a little jacked up when I pasted.
I hope you find something...I'm about to put a $400 video card and memory into this and I'm going to make sure it's salvageable.:thanks:
ANALYSIS: 2009-05-14 14:39:35
PROTECTIONS: 1
MALWARE: 42
SUSPECTS: 8
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@casalemedia[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@247realmedia[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@mediaplex[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@linksynergy[1].txt
00156968 Cookie/ads.tripod.lycos.com TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.tripod.lycos[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@xiti[1].txt
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@gostats[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@counter.hitslink[1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@club.cdfreaks[4].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ad.yieldmanager[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@www.burstbeacon[2].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@cdfreaks[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@server.iad.liveperson[4].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.pointroll[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@zedo[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@bravenet[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@go[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\wendy@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@target[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@did-it[2].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@adviva[1].txt
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@www2.addfreestats[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@atwola[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@www1.addfreestats[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Cookies\Low\wendy@ads.addynamix[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location ʑ���� �9

;===================================================================================================================================================================================
No C:\Users\Wendy\Desktop\ComboFix.exe ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\n.com] ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe] ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\n.com] ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe] ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\n.com] ʑ���� �9

No C:\Users\Wendy\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe] ʑ���� �9

No C:\Windows\NIRCMD.exe ʑ���� �9

;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description

 

[katana]

I hope you find something

Sorry, the only things showing there are Cookies.

There is no malware that would be causing your problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
I would start by running the PCPitstop tests, that will help the tech's diagnose what is wrong ( I still suspect the HDD)


PCPitstop:

• Please Run the PCPitstop Full Tests: Here.
• Register and create a password.
• Accept the ActiveX component to allow your machine to run the Full Tests.
• Registering and accepting the ActiveX are both SAFE and FREE.
• Full Tests is the first item in the left hand column of that page.

The Full Tests take less than 5 minutes for most machines.

• Once you have your Results, please copy the TechExpress Link and save it
• TechExpress is the last item on the list in the yellow box in upper right area of any Results page.
  

Caution: During the testing of Video Adapter, a variety of patterns, shapes, colors and text are “flashed” onto the users monitor screen. In the many thousands of daily uses of the PCPitstop Full Tests over several years, two individuals who suffer epilepsy experienced discomfort and temporary dizziness when viewing the flashing patterns. If you know that you are susceptible to photo driven seizure, look away from your screen during the Video Adapter testing sequence.

Start a thread in one of the following forums ( in a Hardware room )

http://forums.pcpitstop.com/
http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems/hardware, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware. Add the TechExpress Link so they can see the results.
Give them the following link, so they can see that I have given you a clean bill of health (infection wise). They all know me, so there shouldn't be any problems

http://forums.spybot.info/showthread.php?p=312128#post312128

----------------------------------------------------------- -----------------------------------------------------------


Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall Combofix

• This will clear your System Volume Information restore points and remove all the infected files that were quarantined
• Click START, type RUN into the search box, then click Enter
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• 
  AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• 
  These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• 
  Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• 
  Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

 

[Veggedout]

New unwanted file found-McAffee

McAffee found a potentially unwanted file and was unable to remove it:
RemAdm-ProcLaunch!171
Anything to worry about?

 

[Veggedout]

Got it

Thank you. Are you speaking of going to one of the tech forums on spybot? All programs seem to be working now, just a little slower. I suppose I will go ahead and have the new video card and memory added and hope it's ok.
Thank you.resent:

 

[katana]

McAffee found a potentially unwanted file and was unable to remove it:
RemAdm-ProcLaunch!171
Anything to worry about?

Nope, uninstall Combofix and it should go

Are you speaking of going to one of the tech forums on spybot?

No,
I gave a list of the Tech forums that I think will be best suited.

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.