peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by n2934 » March 11th, 2010, 8:18 pm

Sometimes my computer just slows down to a crawl without running many programs, sometimes tells me messages that aren't true, sometimes IE just won't open to let me use it - as if it's locked up. Comodo AV doesn't find anything, neither does MalwareBytes. Ad-Aware finds something, but won't open up to let me see what it is... Sometimes IE will open 3 windows even though I only ran one. Any help will be appreciated!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:53:15 PM, on 3/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3437969801
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3438879504
O16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} (SAXFileEE FileDownload ActiveX Control) - http://appsnet.bentley.com/myselectcd/SAXFileEE.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{586F46BB-2033-4C7B-9EBC-EF095A394E4B}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0012191268343561) (0012191268343561mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\T\LOCALS~1\Temp\001219~1.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: getPlus(R) Installer - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)

--
End of file - 7174 bytes



Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11
AOLIcon
Apple Application Support
Apple Software Update
Bentley View V8i 08.11.05.24
Broadcom Management Programs
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
COMODO Internet Security
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.7
Dell Driver Reset Tool
Dell ResourceCD
Dell Wireless WLAN Card
Digital Line Detect
Dream Sudoku Trial
ELIcon
Get High Speed Internet!
Google Earth
Google Update Helper
Google Updater
GPS Information
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hyland Web ActiveX Controls
Intel(R) Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Junk Mail filter update
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser
MyScribe
NetWaiting
NetZeroInstallers
Photo Editor
PL-2303 USB-to-Serial
PowerDVD 5.5
POWERPREP GRE
QuickSet
QuickTime
RealPlayer
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebEx
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by Katana » March 14th, 2010, 6:40 am

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.

----------------------------------------------------------------------------------------



Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    ( They can also be found in the C:\RSIT folder )


GMER Rootkit Detector

Please download GMER Rootkit Scanner from Here or Here

***Please close any open programs ***
  • Extract the contents of the zip file to your desktop.
  • Disable your onboard Anti Virus and any other Active protection programs you have installed.
  • Double-click gmer.exe. The program will begin to run.

    Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,
  • Now use the following settings for a more complete scan..

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once the scan is complete, you may receive another notice about rootkit activity. If you receive it, click OK.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • RSIT Logs
  • GMER Log
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

RSIT logs as directed -- GMER log maybe tomorrow

Post by n2934 » March 14th, 2010, 9:58 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by T at 2010-03-14 09:11:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (40%) free of 35 GB
Total RAM: 247 MB (36% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A1436AFE-2180-4C5F-A870-A156C3FC039E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-12 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-03-12 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-12 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-09-10 393216]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2005-12-15 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-20 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"LogMeIn"=2
"LMIMaint"=2
"TapiSrv"=3
"StumbleUponUpdateService"=3
"mnmsrvc"=3
"Microsoft Office Groove Audit Service"=3
"LMIRescue"=2
"gusvc"=2
"gupdate1c987866e79faa8"=2
"CiSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42554dce-f7a7-11dd-aef7-001422a7c366}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dbb2a0-2e9d-11df-ba9d-001422a7c366}]
shell\AutoRun\command - E:\HPLauncher.exe


======List of files/folders created in the last 3 months======

2010-03-14 09:12:05 ----D---- C:\Program Files\trend micro
2010-03-14 09:11:57 ----D---- C:\rsit
2010-03-13 10:43:55 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-03-13 08:39:56 ----D---- C:\Documents and Settings\T\Application Data\ArcSoft
2010-03-13 08:39:02 ----D---- C:\Documents and Settings\T\Application Data\HP SimpleSave Application
2010-03-12 12:38:08 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-12 12:36:40 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-12 12:36:39 ----D---- C:\Program Files\Symantec
2010-03-12 12:36:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-12 12:34:45 ----D---- C:\Program Files\Windows Sidebar
2010-03-12 12:34:45 ----D---- C:\Program Files\Norton Security Suite
2010-03-12 12:34:42 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-03-12 12:32:59 ----D---- C:\Program Files\NortonInstaller
2010-03-12 09:31:33 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-09 20:46:35 ----D---- C:\Documents and Settings\T\Application Data\Yahoo!
2010-03-09 20:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-03-09 20:34:55 ----D---- C:\Program Files\Yahoo!
2010-03-09 14:49:08 ----D---- C:\Documents and Settings\T\Application Data\mIRC
2010-03-09 14:46:19 ----D---- C:\Program Files\Dream Sudoku Trial
2010-03-03 17:04:17 ----RA---- C:\WINDOWS\UNDPX2A.exe
2010-02-23 14:28:58 ----D---- C:\GM591
2010-02-19 20:26:52 ----D---- C:\Documents and Settings\T\Application Data\Move Networks
2010-02-14 13:56:38 ----D---- C:\Program Files\PicLensIE
2010-01-31 22:57:40 ----A---- C:\WINDOWS\cfplogvw.INI
2010-01-29 17:19:21 ----D---- C:\Program Files\TrendMicro
2010-01-28 12:35:27 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-28 12:02:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 12:02:15 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 12:02:15 ----A---- C:\WINDOWS\system32\java.exe
2010-01-26 09:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-23 20:45:18 ----D---- C:\Program Files\Belarc
2010-01-23 19:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2010-01-23 19:13:34 ----D---- C:\OTS
2010-01-23 16:14:49 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-01-23 16:14:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2010-01-23 16:14:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-01-23 16:14:38 ----A---- C:\WINDOWS\system32\LMIinit.dll.000.bak
2010-01-23 16:14:38 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-01-23 16:09:20 ----D---- C:\Program Files\LogMeIn
2010-01-22 10:44:26 ----D---- C:\education
2010-01-20 17:26:17 ----D---- C:\Program Files\Common Files\Adobe
2010-01-20 17:03:16 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-20 16:16:04 ----D---- C:\Program Files\QuickTime
2010-01-20 16:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-08 17:11:00 ----D---- C:\Documents and Settings\T\Application Data\webex
2010-01-05 13:01:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-01-05 12:52:24 ----D---- C:\Program Files\Microsoft Works
2010-01-05 12:50:38 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-05 12:50:37 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-05 12:48:28 ----D---- C:\Program Files\Microsoft.NET
2010-01-05 12:39:21 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-01-05 12:36:06 ----HD---- C:\WINDOWS\ShellNew
2010-01-05 12:34:01 ----D---- C:\Program Files\Microsoft Office
2010-01-05 12:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-05 12:32:14 ----RHD---- C:\MSOCache
2010-01-05 10:50:49 ----D---- C:\Temp
2010-01-04 14:57:34 ----D---- C:\Documents and Settings\T\Application Data\MyScribe
2010-01-04 14:38:53 ----D---- C:\Program Files\CafeScribe
2009-12-20 20:11:10 ----D---- C:\Program Files\MSSOAP
2009-12-20 19:55:45 ----D---- C:\Program Files\Webroot
2009-12-19 16:31:43 ----D---- C:\SCAN
2009-12-17 22:23:08 ----D---- C:\Program Files\NOS

======List of files/folders modified in the last 3 months======

2010-03-14 09:12:05 ----RD---- C:\Program Files
2010-03-14 09:05:12 ----D---- C:\downloads
2010-03-14 09:02:16 ----ASH---- C:\boot.ini
2010-03-14 09:02:16 ----A---- C:\WINDOWS\win.ini
2010-03-14 09:02:16 ----A---- C:\WINDOWS\system.ini
2010-03-14 08:46:35 ----D---- C:\WINDOWS\system32
2010-03-14 08:46:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 08:45:08 ----D---- C:\WINDOWS\Prefetch
2010-03-14 08:44:41 ----D---- C:\WINDOWS\Temp
2010-03-14 08:40:45 ----D---- C:\WINDOWS
2010-03-14 08:39:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-13 15:30:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-13 11:43:26 ----SD---- C:\Documents and Settings\T\Application Data\Microsoft
2010-03-13 09:56:36 ----D---- C:\WINDOWS\repair
2010-03-13 09:55:22 ----D---- C:\WINDOWS\Registration
2010-03-13 08:38:17 ----HD---- C:\WINDOWS\inf
2010-03-12 20:20:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-12 18:21:58 ----SHD---- C:\WINDOWS\Installer
2010-03-12 12:59:57 ----SD---- C:\WINDOWS\Tasks
2010-03-12 12:38:24 ----SHD---- C:\System Volume Information
2010-03-12 12:38:08 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 12:37:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-12 12:36:39 ----D---- C:\Program Files\Common Files
2010-03-12 11:27:20 ----D---- C:\Program Files\COMODO
2010-03-12 11:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-03-12 09:25:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-11 19:07:03 ----D---- C:\Program Files\MSN
2010-03-11 17:47:52 ----D---- C:\WINDOWS\network diagnostic
2010-03-11 17:14:48 ----D---- C:\WINDOWS\Debug
2010-03-10 14:00:19 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-10 14:00:11 ----D---- C:\Program Files\Movie Maker
2010-03-10 13:59:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 11:30:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-05 17:53:27 ----D---- C:\Program Files\CCleaner
2010-03-02 01:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-24 11:53:52 ----D---- C:\WINDOWS\ie8updates
2010-02-10 17:42:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-07 16:12:46 ----D---- C:\Program Files\Google
2010-02-06 16:03:04 ----D---- C:\TEFL
2010-02-06 16:02:48 ----D---- C:\i386
2010-02-06 16:02:40 ----D---- C:\dell
2010-01-29 17:23:24 ----D---- C:\WINDOWS\system32\dla
2010-01-29 15:52:10 ----D---- C:\Program Files\Windows Live
2010-01-29 14:55:37 ----D---- C:\Documents and Settings\T\Application Data\StumbleUpon
2010-01-29 10:52:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-01-28 12:34:56 ----D---- C:\Program Files\Common Files\Java
2010-01-28 12:00:41 ----D---- C:\Program Files\Java
2010-01-24 10:38:31 ----D---- C:\Finances
2010-01-23 04:11:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-22 11:53:03 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 23:28:58 ----D---- C:\Program Files\Internet Explorer
2010-01-20 17:27:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-20 16:56:22 ----D---- C:\Program Files\Common Files\Real
2010-01-20 16:55:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-20 16:53:29 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-20 16:53:28 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-20 16:46:14 ----D---- C:\Documents and Settings\T\Application Data\Real
2010-01-20 16:41:14 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-19 20:07:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-14 12:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-08 14:57:40 ----D---- C:\WINDOWS\system32\wbem
2010-01-06 14:59:02 ----RSD---- C:\WINDOWS\assembly
2010-01-06 14:50:44 ----RSD---- C:\WINDOWS\Fonts
2010-01-06 14:50:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-06 14:44:31 ----D---- C:\Program Files\Common Files\System
2010-01-06 09:40:24 ----D---- C:\Program Files\OpenOffice.org 3
2010-01-05 12:58:04 ----D---- C:\WINDOWS\system32\config
2010-01-05 12:52:04 ----D---- C:\WINDOWS\WinSxS
2010-01-05 12:51:52 ----D---- C:\Program Files\MSBuild
2009-12-30 22:17:17 ----D---- C:\WINDOWS\AppPatch
2009-12-27 18:04:34 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-12-27 17:47:38 ----D---- C:\Documents and Settings\All Users\Application Data\GTek
2009-12-23 13:47:40 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 13:10:38 ----D---- C:\WINDOWS\Minidump
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 15:14:02 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 15:14:01 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 09:19:18 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-20 22:53:15 ----D---- C:\Documents and Settings
2009-12-18 18:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-17 18:14:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-16 14:43:27 ----A---- C:\WINDOWS\system32\mspaint.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-12 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-12 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-12 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-12 217136]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-12 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100313.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100313.021\NAVEX15.SYS []
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-12 308272]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-10 1032472]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-12 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-12 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-12 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-12 36400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-11-22 55208]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-12 36400]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-12 117640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe []
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Installer;getPlus(R) Installer; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gupdate1c987866e79faa8;Google Update Service (gupdate1c987866e79faa8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 182768]
S4 LMIRescue;LogMeIn Rescue (e67ed0dd-2e10-409a-842d-fd9354bb38b3); C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe -service -sid e67ed0dd-2e10-409a-842d-fd9354bb38b3 -wd C:\Documents and Settings\T\Local Settings\Application Data\LogMeIn Rescue Calling Card\ []
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-14 09:12:18

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bentley View V8i 08.11.05.24-->MsiExec.exe /I{87D6CF41-5817-4725-8AB2-90E6B20EDE02}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canon MP Navigator EX 1.2-->"C:\Program Files\Canon\MP Navigator EX 1.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.2\uninst.ini
Canon MP190 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series /L0x0009
Canon MP190 series User Registration-->C:\Program Files\Canon\IJEREG\MP190 series\UNINST.EXE
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Dream Sudoku Trial-->MsiExec.exe /X{631F0A65-2218-47B2-8997-EDE0ED0051A7}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPS Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hyland Web ActiveX Controls-->MsiExec.exe /I{642C6F12-88B6-45A1-89A9-CB1BC791F48E}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MyScribe-->"C:\Program Files\CafeScribe\MyScribe\uninstall.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.8.0.41\InstStub.exe /X
Photo Editor-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
POWERPREP GRE-->C:\WINDOWS\IsUninst.exe -fC:\ETS\PPGRE.isu
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Norton Security Suite
FW: Norton Security Suite

======System event log======

Computer Name: D4FKQD81
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 668989
Source Name: DCOM
Time Written: 20100314081605.000000-240
Event Type: error
User: D4FKQD81\DVG

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668988
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 668987
Source Name: DCOM
Time Written: 20100314081605.000000-240
Event Type: error
User: D4FKQD81\DVG

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668986
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668985
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: D4FKQD81
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070002).

Record Number: 7122
Source Name: Outlook
Time Written: 20100206150601.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 34
Message: Failed to get the Crawl Scope Manager with error=0x80070002.

Record Number: 7121
Source Name: Outlook
Time Written: 20100206150601.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070002).

Record Number: 7120
Source Name: Outlook
Time Written: 20100206150552.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 34
Message: Failed to get the Crawl Scope Manager with error=0x80070002.

Record Number: 7119
Source Name: Outlook
Time Written: 20100206150552.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 20
Message:
Record Number: 7118
Source Name: Google Update
Time Written: 20100206141708.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Last edited by Katana on March 16th, 2010, 8:23 am, edited 1 time in total.
Reason: Removed attachments
n2934

RSIT logs as directed -- GMER log maybe tomorrow

Post by n2934 » March 14th, 2010, 9:58 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by T at 2010-03-14 09:11:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (40%) free of 35 GB
Total RAM: 247 MB (36% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A1436AFE-2180-4C5F-A870-A156C3FC039E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-12 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL [2010-03-12 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll [2010-03-12 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-09-10 393216]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2005-12-15 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-20 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"LogMeIn"=2
"LMIMaint"=2
"TapiSrv"=3
"StumbleUponUpdateService"=3
"mnmsrvc"=3
"Microsoft Office Groove Audit Service"=3
"LMIRescue"=2
"gusvc"=2
"gupdate1c987866e79faa8"=2
"CiSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42554dce-f7a7-11dd-aef7-001422a7c366}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dbb2a0-2e9d-11df-ba9d-001422a7c366}]
shell\AutoRun\command - E:\HPLauncher.exe


======List of files/folders created in the last 3 months======

2010-03-14 09:12:05 ----D---- C:\Program Files\trend micro
2010-03-14 09:11:57 ----D---- C:\rsit
2010-03-13 10:43:55 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-03-13 08:39:56 ----D---- C:\Documents and Settings\T\Application Data\ArcSoft
2010-03-13 08:39:02 ----D---- C:\Documents and Settings\T\Application Data\HP SimpleSave Application
2010-03-12 12:38:08 ----RA---- C:\WINDOWS\system32\GEARAspi.dll
2010-03-12 12:36:40 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2010-03-12 12:36:39 ----D---- C:\Program Files\Symantec
2010-03-12 12:36:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-12 12:34:45 ----D---- C:\Program Files\Windows Sidebar
2010-03-12 12:34:45 ----D---- C:\Program Files\Norton Security Suite
2010-03-12 12:34:42 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-03-12 12:32:59 ----D---- C:\Program Files\NortonInstaller
2010-03-12 09:31:33 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-03-09 20:46:35 ----D---- C:\Documents and Settings\T\Application Data\Yahoo!
2010-03-09 20:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-03-09 20:34:55 ----D---- C:\Program Files\Yahoo!
2010-03-09 14:49:08 ----D---- C:\Documents and Settings\T\Application Data\mIRC
2010-03-09 14:46:19 ----D---- C:\Program Files\Dream Sudoku Trial
2010-03-03 17:04:17 ----RA---- C:\WINDOWS\UNDPX2A.exe
2010-02-23 14:28:58 ----D---- C:\GM591
2010-02-19 20:26:52 ----D---- C:\Documents and Settings\T\Application Data\Move Networks
2010-02-14 13:56:38 ----D---- C:\Program Files\PicLensIE
2010-01-31 22:57:40 ----A---- C:\WINDOWS\cfplogvw.INI
2010-01-29 17:19:21 ----D---- C:\Program Files\TrendMicro
2010-01-28 12:35:27 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-28 12:02:16 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 12:02:15 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 12:02:15 ----A---- C:\WINDOWS\system32\java.exe
2010-01-26 09:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-23 20:45:18 ----D---- C:\Program Files\Belarc
2010-01-23 19:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2010-01-23 19:13:34 ----D---- C:\OTS
2010-01-23 16:14:49 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-01-23 16:14:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2010-01-23 16:14:40 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-01-23 16:14:38 ----A---- C:\WINDOWS\system32\LMIinit.dll.000.bak
2010-01-23 16:14:38 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-01-23 16:09:20 ----D---- C:\Program Files\LogMeIn
2010-01-22 10:44:26 ----D---- C:\education
2010-01-20 17:26:17 ----D---- C:\Program Files\Common Files\Adobe
2010-01-20 17:03:16 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-20 16:16:04 ----D---- C:\Program Files\QuickTime
2010-01-20 16:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-08 17:11:00 ----D---- C:\Documents and Settings\T\Application Data\webex
2010-01-05 13:01:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-01-05 12:52:24 ----D---- C:\Program Files\Microsoft Works
2010-01-05 12:50:38 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-05 12:50:37 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-05 12:48:28 ----D---- C:\Program Files\Microsoft.NET
2010-01-05 12:39:21 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-01-05 12:36:06 ----HD---- C:\WINDOWS\ShellNew
2010-01-05 12:34:01 ----D---- C:\Program Files\Microsoft Office
2010-01-05 12:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-05 12:32:14 ----RHD---- C:\MSOCache
2010-01-05 10:50:49 ----D---- C:\Temp
2010-01-04 14:57:34 ----D---- C:\Documents and Settings\T\Application Data\MyScribe
2010-01-04 14:38:53 ----D---- C:\Program Files\CafeScribe
2009-12-20 20:11:10 ----D---- C:\Program Files\MSSOAP
2009-12-20 19:55:45 ----D---- C:\Program Files\Webroot
2009-12-19 16:31:43 ----D---- C:\SCAN
2009-12-17 22:23:08 ----D---- C:\Program Files\NOS

======List of files/folders modified in the last 3 months======

2010-03-14 09:12:05 ----RD---- C:\Program Files
2010-03-14 09:05:12 ----D---- C:\downloads
2010-03-14 09:02:16 ----ASH---- C:\boot.ini
2010-03-14 09:02:16 ----A---- C:\WINDOWS\win.ini
2010-03-14 09:02:16 ----A---- C:\WINDOWS\system.ini
2010-03-14 08:46:35 ----D---- C:\WINDOWS\system32
2010-03-14 08:46:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 08:45:08 ----D---- C:\WINDOWS\Prefetch
2010-03-14 08:44:41 ----D---- C:\WINDOWS\Temp
2010-03-14 08:40:45 ----D---- C:\WINDOWS
2010-03-14 08:39:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-13 15:30:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-13 11:43:26 ----SD---- C:\Documents and Settings\T\Application Data\Microsoft
2010-03-13 09:56:36 ----D---- C:\WINDOWS\repair
2010-03-13 09:55:22 ----D---- C:\WINDOWS\Registration
2010-03-13 08:38:17 ----HD---- C:\WINDOWS\inf
2010-03-12 20:20:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-12 18:21:58 ----SHD---- C:\WINDOWS\Installer
2010-03-12 12:59:57 ----SD---- C:\WINDOWS\Tasks
2010-03-12 12:38:24 ----SHD---- C:\System Volume Information
2010-03-12 12:38:08 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 12:37:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-12 12:36:39 ----D---- C:\Program Files\Common Files
2010-03-12 11:27:20 ----D---- C:\Program Files\COMODO
2010-03-12 11:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-03-12 09:25:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-11 19:07:03 ----D---- C:\Program Files\MSN
2010-03-11 17:47:52 ----D---- C:\WINDOWS\network diagnostic
2010-03-11 17:14:48 ----D---- C:\WINDOWS\Debug
2010-03-10 14:00:19 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-10 14:00:11 ----D---- C:\Program Files\Movie Maker
2010-03-10 13:59:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-07 11:30:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-05 17:53:27 ----D---- C:\Program Files\CCleaner
2010-03-02 01:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-24 11:53:52 ----D---- C:\WINDOWS\ie8updates
2010-02-10 17:42:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-07 16:12:46 ----D---- C:\Program Files\Google
2010-02-06 16:03:04 ----D---- C:\TEFL
2010-02-06 16:02:48 ----D---- C:\i386
2010-02-06 16:02:40 ----D---- C:\dell
2010-01-29 17:23:24 ----D---- C:\WINDOWS\system32\dla
2010-01-29 15:52:10 ----D---- C:\Program Files\Windows Live
2010-01-29 14:55:37 ----D---- C:\Documents and Settings\T\Application Data\StumbleUpon
2010-01-29 10:52:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-01-28 12:34:56 ----D---- C:\Program Files\Common Files\Java
2010-01-28 12:00:41 ----D---- C:\Program Files\Java
2010-01-24 10:38:31 ----D---- C:\Finances
2010-01-23 04:11:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-22 11:53:03 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 23:28:58 ----D---- C:\Program Files\Internet Explorer
2010-01-20 17:27:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-20 16:56:22 ----D---- C:\Program Files\Common Files\Real
2010-01-20 16:55:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-20 16:53:29 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-20 16:53:28 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-20 16:46:14 ----D---- C:\Documents and Settings\T\Application Data\Real
2010-01-20 16:41:14 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-19 20:07:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-14 12:12:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-08 14:57:40 ----D---- C:\WINDOWS\system32\wbem
2010-01-06 14:59:02 ----RSD---- C:\WINDOWS\assembly
2010-01-06 14:50:44 ----RSD---- C:\WINDOWS\Fonts
2010-01-06 14:50:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-06 14:44:31 ----D---- C:\Program Files\Common Files\System
2010-01-06 09:40:24 ----D---- C:\Program Files\OpenOffice.org 3
2010-01-05 12:58:04 ----D---- C:\WINDOWS\system32\config
2010-01-05 12:52:04 ----D---- C:\WINDOWS\WinSxS
2010-01-05 12:51:52 ----D---- C:\Program Files\MSBuild
2009-12-30 22:17:17 ----D---- C:\WINDOWS\AppPatch
2009-12-27 18:04:34 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-12-27 17:47:38 ----D---- C:\Documents and Settings\All Users\Application Data\GTek
2009-12-23 13:47:40 ----D---- C:\WINDOWS\system32\Restore
2009-12-23 13:10:38 ----D---- C:\WINDOWS\Minidump
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 15:14:05 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 15:14:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 15:14:03 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 15:14:02 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 15:14:01 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 09:19:18 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-20 22:53:15 ----D---- C:\Documents and Settings
2009-12-18 18:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-17 18:14:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-16 14:43:27 ----A---- C:\WINDOWS\system32\mspaint.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-12 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-12 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100310.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2010-03-12 43696]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2010-03-12 217136]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-03-12 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100313.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100313.021\NAVEX15.SYS []
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2010-03-12 308272]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-10 1032472]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2010-03-12 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2010-03-12 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-12 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2010-03-12 36400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pctNDIS;PC Tools Driver; C:\WINDOWS\system32\DRIVERS\pctNdis.sys [2009-11-22 55208]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2010-03-12 36400]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-12 117640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe []
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Installer;getPlus(R) Installer; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 gupdate1c987866e79faa8;Google Update Service (gupdate1c987866e79faa8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 182768]
S4 LMIRescue;LogMeIn Rescue (e67ed0dd-2e10-409a-842d-fd9354bb38b3); C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe -service -sid e67ed0dd-2e10-409a-842d-fd9354bb38b3 -wd C:\Documents and Settings\T\Local Settings\Application Data\LogMeIn Rescue Calling Card\ []
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-14 09:12:18

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bentley View V8i 08.11.05.24-->MsiExec.exe /I{87D6CF41-5817-4725-8AB2-90E6B20EDE02}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canon MP Navigator EX 1.2-->"C:\Program Files\Canon\MP Navigator EX 1.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.2\uninst.ini
Canon MP190 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series /L0x0009
Canon MP190 series User Registration-->C:\Program Files\Canon\IJEREG\MP190 series\UNINST.EXE
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Dream Sudoku Trial-->MsiExec.exe /X{631F0A65-2218-47B2-8997-EDE0ED0051A7}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPS Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hyland Web ActiveX Controls-->MsiExec.exe /I{642C6F12-88B6-45A1-89A9-CB1BC791F48E}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MyScribe-->"C:\Program Files\CafeScribe\MyScribe\uninstall.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Security Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.8.0.41\InstStub.exe /X
Photo Editor-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
POWERPREP GRE-->C:\WINDOWS\IsUninst.exe -fC:\ETS\PPGRE.isu
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Norton Security Suite
FW: Norton Security Suite

======System event log======

Computer Name: D4FKQD81
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 668989
Source Name: DCOM
Time Written: 20100314081605.000000-240
Event Type: error
User: D4FKQD81\DVG

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668988
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 10005
Message: DCOM got error "%2" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 668987
Source Name: DCOM
Time Written: 20100314081605.000000-240
Event Type: error
User: D4FKQD81\DVG

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668986
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 668985
Source Name: Service Control Manager
Time Written: 20100314081605.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: D4FKQD81
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070002).

Record Number: 7122
Source Name: Outlook
Time Written: 20100206150601.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 34
Message: Failed to get the Crawl Scope Manager with error=0x80070002.

Record Number: 7121
Source Name: Outlook
Time Written: 20100206150601.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x80070002).

Record Number: 7120
Source Name: Outlook
Time Written: 20100206150552.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 34
Message: Failed to get the Crawl Scope Manager with error=0x80070002.

Record Number: 7119
Source Name: Outlook
Time Written: 20100206150552.000000-300
Event Type: error
User:

Computer Name: D4FKQD81
Event Code: 20
Message:
Record Number: 7118
Source Name: Google Update
Time Written: 20100206141708.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

by Katana » March 16th, 2010, 4:31 am

Do you have the GMER log yet?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

by n2934 » March 16th, 2010, 7:57 am

Thank you very much!



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-15 09:43:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\T\LOCALS~1\Temp\fwdoapoc.sys


---- System - GMER 1.0.15 ----

SSDT FF7864E0 ZwAlertResumeThread
SSDT FF7865C0 ZwAlertThread
SSDT FF786DF0 ZwAllocateVirtualMemory
SSDT FF785C88 ZwAssignProcessToJobObject
SSDT FF87B208 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA2CE130]
SSDT FF786230 ZwCreateMutant
SSDT FF7A6F20 ZwCreateSymbolicLinkObject
SSDT FF789E70 ZwCreateThread
SSDT FF785D68 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA2CE3B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA2CE910]
SSDT FF786FC0 ZwDuplicateObject
SSDT FF786C10 ZwFreeVirtualMemory
SSDT FF786320 ZwImpersonateAnonymousToken
SSDT FF786400 ZwImpersonateThread
SSDT FF85B110 ZwLoadDriver
SSDT FF786B10 ZwMapViewOfSection
SSDT FF786150 ZwOpenEvent
SSDT FF7871C8 ZwOpenProcess
SSDT FF786EE0 ZwOpenProcessToken
SSDT FF785F90 ZwOpenSection
SSDT FF7870D8 ZwOpenThread
SSDT FF785B98 ZwProtectVirtualMemory
SSDT FF789298 ZwResumeThread
SSDT FF786860 ZwSetContextThread
SSDT FF786940 ZwSetInformationProcess
SSDT FF785E48 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA2CEB60]
SSDT FF786070 ZwSuspendProcess
SSDT FF7866A0 ZwSuspendThread
SSDT FF787320 ZwTerminateProcess
SSDT FF786780 ZwTerminateThread
SSDT FF786A30 ZwUnmapViewOfSection
SSDT FF786D00 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A89B7D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

thanks again!
Last edited by Katana on March 16th, 2010, 8:24 am, edited 1 time in total.
Reason: Removed attachments
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

by Katana » March 16th, 2010, 8:27 am

There is no obvious sign of infection; we will have to look a bit deeper.


----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE: This scan is best done from IE (Internet Explorer).

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • Combofix Log
  • Kaspersky Log
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

by n2934 » March 16th, 2010, 8:10 pm

ComboFix 10-03-15.06 - T 03/16/2010 14:12:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.18 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1327433279-555313921-1828105305-1003

.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 17:25 . 2010-03-15 20:12 -------- d-----w- C:\Energy
2010-03-14 13:12 . 2010-03-14 13:12 -------- d-----w- c:\program files\trend micro
2010-03-14 13:11 . 2010-03-14 13:12 -------- d-----w- C:\rsit
2010-03-13 14:43 . 2010-03-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\ArcSoft
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\HP SimpleSave Application
2010-03-12 16:38 . 2010-03-12 16:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-12 16:38 . 2010-03-12 16:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-12 16:36 . 2010-03-12 16:35 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-12 16:36 . 2010-03-12 16:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-12 16:36 . 2010-03-12 16:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-12 16:36 . 2010-03-12 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:36 . 2010-03-12 16:36 -------- d-----w- c:\program files\Symantec
2010-03-12 16:34 . 2010-03-12 22:05 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-12 16:34 . 2010-03-12 16:35 -------- d-----w- c:\program files\Norton Security Suite
2010-03-12 16:34 . 2010-03-12 16:34 -------- d-----w- c:\program files\Windows Sidebar
2010-03-12 16:34 . 2010-03-12 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-12 16:32 . 2010-03-12 16:32 -------- d-----w- c:\program files\NortonInstaller
2010-03-12 13:31 . 2010-03-12 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-12 12:17 . 2010-03-12 12:17 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Sunbelt Software
2010-03-10 16:32 . 2010-03-10 16:32 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\Yahoo
2010-03-10 16:30 . 2010-03-10 16:30 -------- d-----w- c:\documents and settings\DVG\Application Data\Yahoo!
2010-03-10 16:12 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:10 . 2010-03-10 01:18 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Yahoo
2010-03-10 00:46 . 2010-03-10 01:09 -------- d-----w- c:\documents and settings\T\Application Data\Yahoo!
2010-03-10 00:43 . 2010-03-11 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-10 00:34 . 2010-03-12 00:23 -------- d-----w- c:\program files\Yahoo!
2010-03-09 21:26 . 2010-03-09 22:03 -------- d-----w- c:\documents and settings\DVG\Application Data\mIRC
2010-03-09 18:49 . 2010-03-09 18:49 -------- d-----w- c:\documents and settings\T\Application Data\mIRC
2010-03-09 18:46 . 2010-03-09 18:46 -------- d-----w- c:\program files\Dream Sudoku Trial
2010-03-06 19:07 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Application Data\webex
2010-03-06 19:04 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\WebEx
2010-03-03 21:04 . 2004-06-10 14:34 53693 ----a-r- c:\windows\UNDPX2A.sys
2010-03-03 21:04 . 2004-06-10 14:31 135168 ----a-r- c:\windows\UNDPX2A.exe
2010-03-03 21:04 . 2004-06-09 23:42 15429 ----a-r- c:\windows\system32\drivers\Sacm2A.sys
2010-02-23 18:28 . 2010-03-11 18:09 -------- d-----w- C:\GM591
2010-02-20 00:26 . 2010-03-05 19:34 -------- d-----w- c:\documents and settings\T\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 01:17 . 2009-09-14 22:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-15 14:20 . 2010-01-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 02:01 . 2010-01-05 14:06 -------- d-----w- c:\documents and settings\DVG\Application Data\MyScribe
2010-03-12 16:36 . 2010-03-12 16:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-12 16:36 . 2010-03-12 16:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-12 15:27 . 2009-12-02 18:44 -------- d-----w- c:\program files\COMODO
2010-03-12 15:16 . 2009-09-15 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-12 12:26 . 2009-11-03 13:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-12 00:23 . 2010-01-26 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-12 00:23 . 2010-02-14 17:56 -------- d-----w- c:\program files\PicLensIE
2010-03-05 21:53 . 2009-09-13 20:55 -------- d-----w- c:\program files\CCleaner
2010-03-03 20:25 . 2009-06-17 01:20 -------- d-----w- c:\documents and settings\DVG\Application Data\U3
2010-02-28 20:51 . 2010-01-04 18:57 -------- d-----w- c:\documents and settings\T\Application Data\MyScribe
2010-02-28 16:22 . 2010-02-03 20:51 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-28 16:22 . 2010-02-03 20:51 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-02-07 20:12 . 2009-02-05 11:36 -------- d-----w- c:\program files\Google
2010-02-07 16:12 . 2010-01-23 20:09 -------- d-----w- c:\program files\LogMeIn
2010-02-01 11:07 . 2009-12-16 07:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-29 21:19 . 2010-01-29 21:19 -------- d-----w- c:\program files\TrendMicro
2010-01-29 19:52 . 2009-10-25 23:23 -------- d-----w- c:\program files\Windows Live
2010-01-29 18:55 . 2009-03-01 20:04 -------- d-----w- c:\documents and settings\T\Application Data\StumbleUpon
2010-01-29 14:52 . 2009-02-05 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-28 16:34 . 2006-02-28 18:05 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 16:00 . 2006-02-28 18:05 -------- d-----w- c:\program files\Java
2010-01-24 00:45 . 2010-01-24 00:45 -------- d-----w- c:\program files\Belarc
2010-01-23 23:29 . 2010-01-23 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-20 21:27 . 2010-01-20 21:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 20:56 . 2006-02-28 18:18 -------- d-----w- c:\program files\Common Files\Real
2010-01-20 20:24 . 2010-01-20 20:16 -------- d-----w- c:\program files\QuickTime
2010-01-20 20:15 . 2010-01-20 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 00:07 . 2009-03-14 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-10-16 23:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 11:53 . 2009-03-20 00:17 80368 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:22 . 2009-08-01 22:32 80368 ----a-w- c:\documents and settings\DVG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2006-02-28 17:44 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-02-05 11:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-04-14 00:12 343040 ----a-w- c:\windows\system32\mspaint.exe
2010-01-08 21:08 . 2010-01-08 21:08 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-08 21:08 . 2010-01-08 21:08 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-08 21:08 . 2010-01-08 21:08 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-02-14 17:22 . 2009-02-14 17:22 56 --sh--r- c:\windows\system32\398F75844F.sys
2009-02-14 17:22 . 2009-02-14 17:22 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 16:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 10:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-20 20:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"TapiSrv"=3 (0x3)
"StumbleUponUpdateService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LMIRescue"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c987866e79faa8"=2 (0x2)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24006:TCP"= 24006:TCP:*:Disabled:BitComet 24006 TCP
"24006:UDP"= 24006:UDP:*:Disabled:BitComet 24006 UDP

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [x]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2009-11-22 55208]
R4 gupdate1c987866e79faa8;Google Update Service (gupdate1c987866e79faa8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
R4 LMIRescue;LogMeIn Rescue (e67ed0dd-2e10-409a-842d-fd9354bb38b3);c:\program files\LogMeIn Rescue Calling Card\CallingCard.exe [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-12 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-12 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-12 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSxpx86.sys [2009-10-28 329592]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-12 95024]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-12 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-12 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{A1436AFE-2180-4C5F-A870-A156C3FC039E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://malwareremoval.com/forum/viewtop ... 7&e=511727
uInternet Connection Wizard,ShellNext = iexplore
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\4w9t11f6.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\4w9t11f6.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.5.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\4w9t11f6.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit-3.6.dll
FF - component: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\4w9t11f6.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\T\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\4w9t11f6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-DellSupport - c:\program files\DellSupport\DSAgnt.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(536)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-03-16 14:33:40
ComboFix-quarantined-files.txt 2010-03-16 18:33

Pre-Run: 14,646,517,760 bytes free
Post-Run: 14,650,851,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - A7CDE54A374707E472B7051000E41C38
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by n2934 » March 16th, 2010, 8:20 pm

The attached file is a screenshot from when I ran Kaspersky Online Scanner. I let it run for a full hour, but the timer locked up after 20 minutes - it seemed like it might still be scanning, but no results so I'll re-boot and try again.
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by Katana » March 17th, 2010, 4:55 am

There is no sign of infection there, but you do have LogMeIn installed, which could affect your machine's speed.

You also have very little RAM for today's programs.
Total RAM: 247 MB


"sometimes tells me messages that aren't true"
What do you mean by this?

If you still have trouble with Kaspersky, please try the following scan instead ...


Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE: Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click Run As Admin.
Please go to this site: ActiveScan
  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by n2934 » March 17th, 2010, 7:54 pm

I went to Add/Remove Programs, but couldn't find LogMeIn. I know about the RAM - The computer's getting a little faster with every bug cleared out, however. The file from ActiveScan is attached. Strangely, Active Scan jumped from 43% to say:
Congratulations! Today you are not infected. We have not detected any protection on your PC. With Panda solutions you will be protected against more than 13 million viruses, spyware and other threats.

What I meant about that message - sometimes it says "Your computer is running out of hard drive space" or "low on virtual memory" in the systray popups - I check the hard drive space left & Windows Task Manager for memory, & it's strangely no different from the numbers when everything is running great. There have been other peculiar dialog pop-ups, but can't think of the specific wording. A couple times it said ... and needs to close. Then it didn't close the program, and I was able to continue using it with no problems.

I also uninstalled Firefox, in case that might help.


;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-17 19:40:06
PROTECTIONS: 0
MALWARE: 0
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\downloads\combofix.exe[32788r22fwjfw\pev.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by Katana » March 18th, 2010, 6:19 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "LogMeIn"=-
    "LMIMaint"=-
    "LMIRescue"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24006:TCP"=-
    "24006:UDP"=-
    Driver::
    LMIInfo
    LMIRescue
    ADS::

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



How are things running now?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
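
The registry keys, msconfig service entries, drivers and firewall port exceptions named in the CFScript above all appear in the ComboFix log posted earlier in the thread. The following is an added example, not part of the original posts and not ComboFix's own code: a Python parser that pulls those load points out of a log excerpt. The sample text is constructed from lines quoted in this thread, and the function names and the keyword list are assumptions.

```python
import re

# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasMan"=3 (0x3)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"LMIRescue"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24006:TCP"= 24006:TCP:*:Disabled:BitComet 24006 TCP
"24006:UDP"= 24006:UDP:*:Disabled:BitComet 24006 UDP

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R4 LMIRescue;LogMeIn Rescue (e67ed0dd-2e10-409a-842d-fd9354bb38b3);c:\program files\LogMeIn Rescue Calling Card\CallingCard.exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-12 117640]
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Driver/service lines: R = running, S = stopped, digit = start type.
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[[^\]]*\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# A file listed directly under a registry key: date, time, size, attributes, path.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ [-a-z]{8} (?P<path>.+)$")


def parse_load_points(log_text):
    """Return one dict per registry value, key-level file or driver/service line."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends the current registry section
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "key": None, "name": m.group("name"),
                            "data": m.group("path"), "display": m.group("display")})
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"kind": "regvalue", "key": key, "name": m.group("name"),
                            "data": m.group("data"), "display": ""})
            continue
        m = FILE_RE.match(line)
        if m and key:
            # Name the entry after the last component of its registry key.
            entries.append({"kind": "regfile", "key": key,
                            "name": key.rsplit("\\", 1)[-1],
                            "data": m.group("path"), "display": ""})
    return entries


def find_product(entries, keywords):
    """Entries whose key, name, display name or data mention any keyword."""
    hits = []
    for e in entries:
        haystack = " ".join(
            [e["key"] or "", e["name"], e["display"], e["data"]]).lower()
        if any(k.lower() in haystack for k in keywords):
            hits.append(e)
    return hits


def firewall_findings(entries):
    """Report a disabled Windows Firewall profile and listed port exceptions."""
    findings = []
    for e in entries:
        key = (e["key"] or "").lower()
        if e["kind"] != "regvalue" or "firewallpolicy" not in key:
            continue
        if e["name"] == "EnableFirewall" and e["data"].startswith("0"):
            findings.append(("firewall_disabled", key.rsplit("\\", 1)[-1]))
        elif key.endswith("globallyopenports\\list"):
            # Data format: port:protocol:scope:state:label
            port, proto, _scope, state, label = e["data"].split(":", 4)
            findings.append(("port_exception", port + "/" + proto, state, label))
    return findings


if __name__ == "__main__":
    parsed = parse_load_points(SAMPLE_LOG)
    for hit in find_product(parsed, ("logmein", "lmi")):  # assumed keyword list
        print(hit["kind"], hit["name"], hit["data"])
    for finding in firewall_findings(parsed):
        print(finding)
```
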

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by n2934 » March 18th, 2010, 9:11 pm

Things are running better than they have in a long time. IE still opens without tabs the first time it's run, but it doesn't open extra windows every time, but when I clicked to add (attach) a text file to this post, she popped up 7 new windows. (Pop-up blocker was off).

Thank you! I also ran Microsoft OneCare Scanner from the web site, and it didn't find any malware, but it cleaned 766 registry entries and 2 registry errors.


combofix_log2.txt:

ComboFix 10-03-15.06 - T 03/18/2010 20:29:50.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.98 [GMT -4:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LMIINFO
-------\Legacy_LMIRESCUE
-------\Service_LMIInfo
-------\Service_LMIRescue


((((((((((((((((((((((((( Files Created from 2010-02-19 to 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-18 13:38 . 2010-03-18 13:38 -------- d-----w- c:\documents and settings\T\Application Data\ArcSoft Backup Application
2010-03-18 12:13 . 2010-02-04 14:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-18 12:13 . 2010-02-04 14:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-18 12:12 . 2010-02-04 14:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-18 12:11 . 2010-02-04 14:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-18 12:11 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-18 12:10 . 2009-09-04 21:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-18 12:10 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-18 12:10 . 2009-09-04 21:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-18 12:10 . 2009-09-04 21:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-18 12:10 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-18 12:09 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-18 12:09 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-03-18 12:09 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-03-18 12:09 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-03-18 12:09 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-18 12:09 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-03-18 12:08 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-03-18 12:08 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-03-18 12:08 . 2008-10-10 08:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-03-18 12:08 . 2008-10-10 08:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-03-18 12:08 . 2008-10-10 08:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-03-18 12:08 . 2008-10-27 14:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-18 12:08 . 2008-10-27 14:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-18 12:07 . 2008-10-27 14:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-18 12:07 . 2008-10-27 14:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-18 12:07 . 2008-07-31 14:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-03-18 12:07 . 2008-07-31 14:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-03-18 12:07 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-03-18 12:06 . 2008-07-10 15:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-03-18 12:06 . 2008-07-10 15:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-03-18 12:06 . 2008-07-10 15:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-03-18 12:06 . 2008-05-30 18:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-03-18 12:06 . 2008-05-30 18:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-03-18 12:06 . 2008-05-30 18:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-03-18 12:06 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-03-18 12:06 . 2008-05-30 18:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-03-18 12:06 . 2008-05-30 18:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-03-18 12:06 . 2008-05-30 18:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-03-18 12:05 . 2008-03-05 20:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-03-18 12:05 . 2008-03-05 20:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-03-18 12:05 . 2008-03-05 20:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-03-18 12:05 . 2008-03-05 19:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-03-18 12:05 . 2008-02-06 03:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-03-18 12:05 . 2008-03-05 19:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-03-18 12:05 . 2007-10-22 07:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-03-18 12:05 . 2007-10-12 19:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-03-18 12:05 . 2007-10-02 13:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-03-18 12:04 . 2007-10-12 19:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-03-18 12:04 . 2007-07-20 04:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-03-18 12:04 . 2007-07-19 22:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-03-18 12:04 . 2007-07-19 22:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-03-18 12:04 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-03-18 12:04 . 2007-06-21 00:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-03-18 12:04 . 2007-10-22 07:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-03-18 12:04 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-03-18 12:04 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-03-18 12:04 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-03-18 12:02 . 2007-04-04 22:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-03-18 12:02 . 2007-03-15 20:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-03-18 12:02 . 2007-03-12 20:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-03-18 12:00 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-03-18 11:59 . 2007-01-24 19:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-03-18 11:41 . 2010-03-18 11:51 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-18 11:41 . 2010-03-18 11:41 -------- d-----w- c:\windows\Logs
2010-03-18 11:37 . 2010-03-18 17:14 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-17 18:43 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-17 18:42 . 2010-03-17 18:42 -------- d-----w- c:\program files\Panda Security
2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Symantec
2010-03-15 17:25 . 2010-03-15 20:12 -------- d-----w- C:\Energy
2010-03-14 13:12 . 2010-03-14 13:12 -------- d-----w- c:\program files\trend micro
2010-03-14 13:11 . 2010-03-14 13:12 -------- d-----w- C:\rsit
2010-03-13 14:43 . 2010-03-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\ArcSoft
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\HP SimpleSave Application
2010-03-12 16:38 . 2010-03-12 16:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-12 16:38 . 2010-03-12 16:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-12 16:36 . 2010-03-12 16:35 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-12 16:36 . 2010-03-12 16:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-12 16:36 . 2010-03-12 16:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-12 16:36 . 2010-03-12 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:36 . 2010-03-12 16:36 -------- d-----w- c:\program files\Symantec
2010-03-12 16:34 . 2010-03-12 22:05 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-12 16:34 . 2010-03-12 16:35 -------- d-----w- c:\program files\Norton Security Suite
2010-03-12 16:34 . 2010-03-12 16:34 -------- d-----w- c:\program files\Windows Sidebar
2010-03-12 16:34 . 2010-03-12 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-12 16:32 . 2010-03-12 16:32 -------- d-----w- c:\program files\NortonInstaller
2010-03-12 13:31 . 2010-03-12 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-12 12:17 . 2010-03-12 12:17 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Sunbelt Software
2010-03-10 16:32 . 2010-03-10 16:32 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\Yahoo
2010-03-10 16:30 . 2010-03-10 16:30 -------- d-----w- c:\documents and settings\DVG\Application Data\Yahoo!
2010-03-10 16:12 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:10 . 2010-03-10 01:18 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Yahoo
2010-03-10 00:46 . 2010-03-10 01:09 -------- d-----w- c:\documents and settings\T\Application Data\Yahoo!
2010-03-10 00:43 . 2010-03-11 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-09 21:26 . 2010-03-09 22:03 -------- d-----w- c:\documents and settings\DVG\Application Data\mIRC
2010-03-09 18:49 . 2010-03-09 18:49 -------- d-----w- c:\documents and settings\T\Application Data\mIRC
2010-03-09 18:46 . 2010-03-09 18:46 -------- d-----w- c:\program files\Dream Sudoku Trial
2010-03-06 19:07 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Application Data\webex
2010-03-06 19:04 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\WebEx
2010-03-03 21:04 . 2004-06-10 14:34 53693 ----a-r- c:\windows\UNDPX2A.sys
2010-03-03 21:04 . 2004-06-10 14:31 135168 ----a-r- c:\windows\UNDPX2A.exe
2010-03-03 21:04 . 2004-06-09 23:42 15429 ----a-r- c:\windows\system32\drivers\Sacm2A.sys
2010-02-23 18:28 . 2010-03-11 18:09 -------- d-----w- C:\GM591
2010-02-20 00:26 . 2010-03-17 18:21 -------- d-----w- c:\documents and settings\T\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 15:59 . 2006-02-28 18:05 -------- d-----w- c:\program files\Java
2010-03-18 15:56 . 2010-01-06 14:11 152576 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-18 13:37 . 2006-02-28 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 01:17 . 2009-09-14 22:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-15 14:20 . 2010-01-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 02:01 . 2010-01-05 14:06 -------- d-----w- c:\documents and settings\DVG\Application Data\MyScribe
2010-03-12 16:36 . 2010-03-12 16:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-12 16:36 . 2010-03-12 16:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-12 16:35 . 2010-03-12 16:35 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-12 16:35 . 2010-03-12 16:35 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-12 16:35 . 2010-03-12 16:35 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-12 15:16 . 2009-09-15 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-12 12:26 . 2009-11-03 13:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-12 08:54 . 2010-03-18 22:25 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVEX32A.DLL
2010-03-12 08:54 . 2010-03-18 22:25 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVEX15.SYS
2010-03-12 08:54 . 2010-03-18 22:25 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVENG.SYS
2010-03-12 08:54 . 2010-03-18 22:25 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVENG32.DLL
2010-03-12 08:54 . 2010-03-18 22:25 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\EECTRL.SYS
2010-03-12 08:54 . 2010-03-18 22:25 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\CCERASER.DLL
2010-03-12 08:54 . 2010-03-18 22:25 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\ECMSVR32.DLL
2010-03-12 08:54 . 2010-03-18 22:25 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\ERASER.SYS
2010-03-12 00:23 . 2010-01-26 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-05 21:53 . 2009-09-13 20:55 -------- d-----w- c:\program files\CCleaner
2010-03-03 20:25 . 2009-06-17 01:20 -------- d-----w- c:\documents and settings\DVG\Application Data\U3
2010-02-28 20:51 . 2010-01-04 18:57 -------- d-----w- c:\documents and settings\T\Application Data\MyScribe
2010-02-28 16:22 . 2010-02-03 20:51 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-28 16:22 . 2010-02-03 20:51 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-02-12 22:41 . 2010-03-19 00:43 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-07 20:12 . 2009-02-05 11:36 -------- d-----w- c:\program files\Google
2010-02-07 16:12 . 2010-01-23 20:09 -------- d-----w- c:\program files\LogMeIn
2010-02-01 11:07 . 2009-12-16 07:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-29 21:19 . 2010-01-29 21:19 388096 ----a-r- c:\documents and settings\T\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-29 21:19 . 2010-01-29 21:19 -------- d-----w- c:\program files\TrendMicro
2010-01-29 19:52 . 2009-10-25 23:23 -------- d-----w- c:\program files\Windows Live
2010-01-29 18:55 . 2009-03-01 20:04 -------- d-----w- c:\documents and settings\T\Application Data\StumbleUpon
2010-01-29 14:52 . 2009-02-05 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-29 03:22 . 2010-01-29 03:22 503808 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\msvcp71.dll
2010-01-29 03:22 . 2010-01-29 03:22 499712 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\jmc.dll
2010-01-29 03:22 . 2010-01-29 03:22 348160 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\msvcr71.dll
2010-01-29 03:22 . 2010-01-29 03:22 61440 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1c4601b9-n\decora-sse.dll
2010-01-29 03:22 . 2010-01-29 03:22 12800 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1c4601b9-n\decora-d3d.dll
2010-01-28 16:34 . 2006-02-28 18:05 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 16:04 . 2010-01-28 16:04 503808 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\msvcp71.dll
2010-01-28 16:04 . 2010-01-28 16:04 348160 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\msvcr71.dll
2010-01-28 16:04 . 2010-01-28 16:04 499712 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\jmc.dll
2010-01-28 16:04 . 2010-01-28 16:04 61440 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35a4f4fd-n\decora-sse.dll
2010-01-28 16:04 . 2010-01-28 16:04 12800 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35a4f4fd-n\decora-d3d.dll
2010-01-24 00:45 . 2010-01-24 00:45 -------- d-----w- c:\program files\Belarc
2010-01-23 23:29 . 2010-01-23 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-20 21:27 . 2010-01-20 21:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 20:56 . 2010-01-06 14:11 79488 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 20:56 . 2006-02-28 18:18 -------- d-----w- c:\program files\Common Files\Real
2010-01-20 20:24 . 2010-01-20 20:16 -------- d-----w- c:\program files\QuickTime
2010-01-20 20:15 . 2010-01-20 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 00:07 . 2009-03-14 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-10-16 23:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 11:53 . 2009-03-20 00:17 80368 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:22 . 2009-08-01 22:32 80368 ----a-w- c:\documents and settings\DVG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 20:57 . 2010-01-25 01:20 103424 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-05 20:57 . 2010-01-25 01:20 545280 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-05 20:57 . 2010-01-25 01:20 153600 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-05 20:57 . 2010-01-25 01:20 344064 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-05 20:57 . 2010-01-25 01:20 4725760 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-05 20:57 . 2010-01-25 01:20 57856 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-12-31 16:50 . 2006-02-28 17:44 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 18:51 916480 ------w- c:\windows\system32\wininet.dll
2010-01-08 21:08 . 2010-01-08 21:08 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-08 21:08 . 2010-01-08 21:08 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-08 21:08 . 2010-01-08 21:08 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-02-14 17:22 . 2009-02-14 17:22 56 --sh--r- c:\windows\system32\398F75844F.sys
2009-02-14 17:22 . 2009-02-14 17:22 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-16_18.22.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-19 00:22 . 2010-03-19 00:22 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2010-03-19 00:43 . 2010-03-19 00:43 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-03-19 00:42 . 2010-03-19 00:42 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
+ 2009-09-03 11:36 . 2007-04-04 22:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-09-03 11:36 . 2007-03-05 16:42 15128 c:\windows\system32\x3daudio1_1.dll
- 2009-09-03 11:36 . 2006-11-15 15:38 15128 c:\windows\system32\x3daudio1_1.dll
- 2010-01-28 16:02 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2010-01-28 16:02 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2010-01-28 16:02 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-02-06 00:52 . 2010-02-06 00:52 464272 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2009-08-04 18:06 . 2009-08-04 18:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2010-03-18 15:59 . 2010-03-18 15:59 1757696 c:\windows\Installer\10b2b1b.msi
- 2009-02-01 10:11 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2009-02-01 10:11 . 2010-03-02 01:30 31648712 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 16:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 10:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-20 20:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"TapiSrv"=3 (0x3)
"StumbleUponUpdateService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c987866e79faa8"=2 (0x2)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/17/2010 2:43 PM 28552]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/12/2010 1:17 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/12/2010 1:17 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/12/2010 1:17 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 6:17 PM 329592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/3/2009 9:12 AM 95024]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/12/2010 1:16 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2010 4:54 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/23/2009 6:06 PM 55208]
S4 gupdate1c987866e79faa8;Google Update Service (gupdate1c987866e79faa8);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 7:39 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{A1436AFE-2180-4C5F-A870-A156C3FC039E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://malwareremoval.com/forum/viewtop ... 7&e=511727
uInternet Connection Wizard,ShellNext = iexplore
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-03-18 20:52:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 00:52
ComboFix2.txt 2010-03-16 18:33

Pre-Run: 14,268,334,080 bytes free
Post-Run: 14,139,478,016 bytes free

- - End Of File - - 7EAFEE6391863EB0F45A4A8099CDE3B4

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Post by n2934 » March 18th, 2010, 9:32 pm

This is the C:\ComboFix.txt file created with the last run. When I clicked to attach this file, it only popped up two windows, one continued to say "The upload is currently in progress," even after the file finished uploading, and the other was a small blank window. My computer might be running better, I'm optimistic but I'm not sure. It wouldn't run my backup software off my HP external hard drive, but that might not be malware. I also ran the OSI at secunia.com & it found a Java update. Thanks again.


2010-03-18 12:04 . 2007-10-22 07:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-03-18 12:04 . 2007-05-16 20:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-03-18 12:04 . 2007-05-16 20:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-03-18 12:04 . 2007-05-16 20:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-03-18 12:02 . 2007-04-04 22:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-03-18 12:02 . 2007-03-15 20:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-03-18 12:02 . 2007-03-12 20:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-03-18 12:00 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-03-18 11:59 . 2007-01-24 19:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-03-18 11:41 . 2010-03-18 11:51 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-18 11:41 . 2010-03-18 11:41 -------- d-----w- c:\windows\Logs
2010-03-18 11:37 . 2010-03-18 17:14 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-17 18:43 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-17 18:42 . 2010-03-17 18:42 -------- d-----w- c:\program files\Panda Security
2010-03-17 18:05 . 2010-03-17 18:05 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Symantec
2010-03-15 17:25 . 2010-03-15 20:12 -------- d-----w- C:\Energy
2010-03-14 13:12 . 2010-03-14 13:12 -------- d-----w- c:\program files\trend micro
2010-03-14 13:11 . 2010-03-14 13:12 -------- d-----w- C:\rsit
2010-03-13 14:43 . 2010-03-13 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\ArcSoft
2010-03-13 12:39 . 2010-03-13 12:39 -------- d-----w- c:\documents and settings\T\Application Data\HP SimpleSave Application
2010-03-12 16:38 . 2010-03-12 16:35 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-12 16:38 . 2010-03-12 16:35 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-12 16:36 . 2010-03-12 16:35 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-12 16:36 . 2010-03-12 16:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-12 16:36 . 2010-03-12 16:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-12 16:36 . 2010-03-12 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-12 16:36 . 2010-03-12 16:36 -------- d-----w- c:\program files\Symantec
2010-03-12 16:34 . 2010-03-12 22:05 -------- d-----w- c:\windows\system32\drivers\N360
2010-03-12 16:34 . 2010-03-12 16:35 -------- d-----w- c:\program files\Norton Security Suite
2010-03-12 16:34 . 2010-03-12 16:34 -------- d-----w- c:\program files\Windows Sidebar
2010-03-12 16:34 . 2010-03-12 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-12 16:32 . 2010-03-12 16:32 -------- d-----w- c:\program files\NortonInstaller
2010-03-12 13:31 . 2010-03-12 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-12 12:17 . 2010-03-12 12:17 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Sunbelt Software
2010-03-10 16:32 . 2010-03-10 16:32 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\Yahoo
2010-03-10 16:30 . 2010-03-10 16:30 -------- d-----w- c:\documents and settings\DVG\Application Data\Yahoo!
2010-03-10 16:12 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:10 . 2010-03-10 01:18 -------- d-----w- c:\documents and settings\T\Local Settings\Application Data\Yahoo
2010-03-10 00:46 . 2010-03-10 01:09 -------- d-----w- c:\documents and settings\T\Application Data\Yahoo!
2010-03-10 00:43 . 2010-03-11 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-09 21:26 . 2010-03-09 22:03 -------- d-----w- c:\documents and settings\DVG\Application Data\mIRC
2010-03-09 18:49 . 2010-03-09 18:49 -------- d-----w- c:\documents and settings\T\Application Data\mIRC
2010-03-09 18:46 . 2010-03-09 18:46 -------- d-----w- c:\program files\Dream Sudoku Trial
2010-03-06 19:07 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Application Data\webex
2010-03-06 19:04 . 2010-03-06 19:08 -------- d-----w- c:\documents and settings\DVG\Local Settings\Application Data\WebEx
2010-03-03 21:04 . 2004-06-10 14:34 53693 ----a-r- c:\windows\UNDPX2A.sys
2010-03-03 21:04 . 2004-06-10 14:31 135168 ----a-r- c:\windows\UNDPX2A.exe
2010-03-03 21:04 . 2004-06-09 23:42 15429 ----a-r- c:\windows\system32\drivers\Sacm2A.sys
2010-02-23 18:28 . 2010-03-11 18:09 -------- d-----w- C:\GM591
2010-02-20 00:26 . 2010-03-17 18:21 -------- d-----w- c:\documents and settings\T\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 15:59 . 2006-02-28 18:05 -------- d-----w- c:\program files\Java
2010-03-18 15:56 . 2010-01-06 14:11 152576 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-18 13:37 . 2006-02-28 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 01:17 . 2009-09-14 22:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-15 14:20 . 2010-01-05 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 02:01 . 2010-01-05 14:06 -------- d-----w- c:\documents and settings\DVG\Application Data\MyScribe
2010-03-12 16:36 . 2010-03-12 16:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-12 16:36 . 2010-03-12 16:36 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-12 16:35 . 2010-03-12 16:35 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-12 16:35 . 2010-03-12 16:35 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-12 16:35 . 2010-03-12 16:35 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-12 15:16 . 2009-09-15 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-12 12:26 . 2009-11-03 13:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-12 08:54 . 2010-03-18 22:25 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVEX32A.DLL
2010-03-12 08:54 . 2010-03-18 22:25 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVEX15.SYS
2010-03-12 08:54 . 2010-03-18 22:25 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVENG.SYS
2010-03-12 08:54 . 2010-03-18 22:25 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\NAVENG32.DLL
2010-03-12 08:54 . 2010-03-18 22:25 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\EECTRL.SYS
2010-03-12 08:54 . 2010-03-18 22:25 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\CCERASER.DLL
2010-03-12 08:54 . 2010-03-18 22:25 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\ECMSVR32.DLL
2010-03-12 08:54 . 2010-03-18 22:25 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100318.016\ERASER.SYS
2010-03-12 00:23 . 2010-01-26 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-05 21:53 . 2009-09-13 20:55 -------- d-----w- c:\program files\CCleaner
2010-03-03 20:25 . 2009-06-17 01:20 -------- d-----w- c:\documents and settings\DVG\Application Data\U3
2010-02-28 20:51 . 2010-01-04 18:57 -------- d-----w- c:\documents and settings\T\Application Data\MyScribe
2010-02-28 16:22 . 2010-02-03 20:51 54 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-28 16:22 . 2010-02-03 20:51 39 ----a-w- c:\windows\system32\rp_rules.dat
2010-02-12 22:41 . 2010-03-19 00:43 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-07 20:12 . 2009-02-05 11:36 -------- d-----w- c:\program files\Google
2010-02-07 16:12 . 2010-01-23 20:09 -------- d-----w- c:\program files\LogMeIn
2010-02-01 11:07 . 2009-12-16 07:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-29 21:19 . 2010-01-29 21:19 388096 ----a-r- c:\documents and settings\T\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-29 21:19 . 2010-01-29 21:19 -------- d-----w- c:\program files\TrendMicro
2010-01-29 19:52 . 2009-10-25 23:23 -------- d-----w- c:\program files\Windows Live
2010-01-29 18:55 . 2009-03-01 20:04 -------- d-----w- c:\documents and settings\T\Application Data\StumbleUpon
2010-01-29 14:52 . 2009-02-05 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-29 03:22 . 2010-01-29 03:22 503808 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\msvcp71.dll
2010-01-29 03:22 . 2010-01-29 03:22 499712 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\jmc.dll
2010-01-29 03:22 . 2010-01-29 03:22 348160 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2d6b94d7-n\msvcr71.dll
2010-01-29 03:22 . 2010-01-29 03:22 61440 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1c4601b9-n\decora-sse.dll
2010-01-29 03:22 . 2010-01-29 03:22 12800 ----a-w- c:\documents and settings\DVG\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1c4601b9-n\decora-d3d.dll
2010-01-28 16:34 . 2006-02-28 18:05 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 16:04 . 2010-01-28 16:04 503808 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\msvcp71.dll
2010-01-28 16:04 . 2010-01-28 16:04 348160 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\msvcr71.dll
2010-01-28 16:04 . 2010-01-28 16:04 499712 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d67b283-n\jmc.dll
2010-01-28 16:04 . 2010-01-28 16:04 61440 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35a4f4fd-n\decora-sse.dll
2010-01-28 16:04 . 2010-01-28 16:04 12800 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-35a4f4fd-n\decora-d3d.dll
2010-01-24 00:45 . 2010-01-24 00:45 -------- d-----w- c:\program files\Belarc
2010-01-23 23:29 . 2010-01-23 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-20 21:27 . 2010-01-20 21:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 20:56 . 2010-01-06 14:11 79488 ----a-w- c:\documents and settings\T\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 20:56 . 2006-02-28 18:18 -------- d-----w- c:\program files\Common Files\Real
2010-01-20 20:24 . 2010-01-20 20:16 -------- d-----w- c:\program files\QuickTime
2010-01-20 20:15 . 2010-01-20 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-20 00:07 . 2009-03-14 19:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-10-16 23:14 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 11:53 . 2009-03-20 00:17 80368 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 19:22 . 2009-08-01 22:32 80368 ----a-w- c:\documents and settings\DVG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 20:57 . 2010-01-25 01:20 103424 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-05 20:57 . 2010-01-25 01:20 545280 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-05 20:57 . 2010-01-25 01:20 153600 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-05 20:57 . 2010-01-25 01:20 344064 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-05 20:57 . 2010-01-25 01:20 4725760 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-05 20:57 . 2010-01-25 01:20 57856 ----a-w- c:\documents and settings\DVG\Application Data\Mozilla\Firefox\Profiles\lbx0w7jx.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-12-31 16:50 . 2006-02-28 17:44 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 18:51 916480 ------w- c:\windows\system32\wininet.dll
2010-01-08 21:08 . 2010-01-08 21:08 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-01-08 21:08 . 2010-01-08 21:08 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-01-08 21:08 . 2010-01-08 21:08 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-02-14 17:22 . 2009-02-14 17:22 56 --sh--r- c:\windows\system32\398F75844F.sys
2009-02-14 17:22 . 2009-02-14 17:22 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-16_18.22.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-19 00:22 . 2010-03-19 00:22 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2010-03-19 00:43 . 2010-03-19 00:43 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2010-03-19 00:42 . 2010-03-19 00:42 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
+ 2009-09-03 11:36 . 2007-04-04 22:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-09-03 11:36 . 2007-03-05 16:42 15128 c:\windows\system32\x3daudio1_1.dll
- 2009-09-03 11:36 . 2006-11-15 15:38 15128 c:\windows\system32\x3daudio1_1.dll
- 2010-01-28 16:02 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2010-01-28 16:02 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2010-01-28 16:02 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-03-18 16:01 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2010-02-06 00:52 . 2010-02-06 00:52 464272 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2009-08-04 18:06 . 2009-08-04 18:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2010-03-18 15:59 . 2010-03-18 15:59 1757696 c:\windows\Installer\10b2b1b.msi
- 2009-02-01 10:11 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe
+ 2009-02-01 10:11 . 2010-03-02 01:30 31648712 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 16:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 10:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-20 20:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"TapiSrv"=3 (0x3)
"StumbleUponUpdateService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c987866e79faa8"=2 (0x2)
"CiSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/17/2010 2:43 PM 28552]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/12/2010 1:17 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/12/2010 1:17 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/12/2010 1:17 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/14/2010 6:17 PM 329592]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/3/2009 9:12 AM 95024]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/12/2010 1:16 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/12/2010 4:54 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [10/23/2009 6:06 PM 55208]
S4 gupdate1c987866e79faa8;Google Update Service (gupdate1c987866e79faa8);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 7:39 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{A1436AFE-2180-4C5F-A870-A156C3FC039E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://malwareremoval.com/forum/viewtop ... 7&e=511727
uInternet Connection Wizard,ShellNext = iexplore
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-03-18 20:52:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-19 00:52
ComboFix2.txt 2010-03-16 18:33

Pre-Run: 14,268,334,080 bytes free
Post-Run: 14,139,478,016 bytes free

- - End Of File - - 7EAFEE6391863EB0F45A4A8099CDE3B4
n2934
Active Member
 
Posts: 11
Joined: March 11th, 2010, 8:02 pm

Re: peculiar IE8 behavior, Ad-Aware finds bugs but won't open

Unread postby Katana » March 20th, 2010, 9:20 am

There is no sign of infection now, it could be an IE Addon that is causing the problems with Internet Explorer.

Start IE
Click Tools >> Manage Add-ons >> Disable or Enable Add-ons
Disable all the addons, and then enable them one by one (restarting IE in between) until you find the one that is causing the problem.


----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up

Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


You can also delete any logs we have produced and any other tools we have downloaded.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program:
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester