Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware Problem?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware Problem?

Unread postby jksmith742003 » December 3rd, 2010, 1:11 am

Sorry for the duplicate posting!
Last edited by jksmith742003 on December 6th, 2010, 6:56 pm, edited 1 time in total.
jksmith742003
Active Member
 
Posts: 5
Joined: December 3rd, 2010, 12:55 am
Advertisement
Register to Remove

Re: Malware Problem?

Unread postby Gizzy » December 5th, 2010, 2:48 pm

Hello jksmith742003 and Welcome to Malware Removal! :)
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use, Be assured, any links I give are safe.
  • The process is not instant, Please continue to respond to this thread until I give you the All Clean!. Absence of symptoms does not mean that everything is clear.

Note: As I am still in training, All of my posts must first be checked by an Expert/Teacher, So some delays may be inevitable, please be patient and I will reply again asap.


Uninstall List
  1. Open HijackThis.
  2. Click the Open the Misc Tools section button. (If you don't see that button click the Main Menu button first)
  3. Click the Open Uninstall Manager... button and then click the Save list... button.
  4. Save the uninstall_list.txt file to your HijackThis folder.
  5. Copy and Paste the contents of uninstall_list.txt in your next reply.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Malware Problem?

Unread postby jksmith742003 » December 6th, 2010, 12:44 am

Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Battery Meter
CapsLKNotify
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Cozi
Dell Dock
Dell Dock
Dell Edoc Viewer
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
DHTML Editing Component
DivX 4.11 Codec
D-i-v-X AVI Codec Pack Pro 2.4.0
DivX Setup
EMSC
ffdshow
Google Update Helper
GoToAssist 8.0.0.514
Grammarly Add-In
Huffyuv AVI lossless video codec (Remove Only)
Intel(R) Graphics Media Accelerator Driver
IZArc 4.1.2
Java(TM) 6 Update 22
Junk Mail filter update
K-Lite Mega Codec Pack 1.34
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
Norton Security Scan
Norton Security Suite
OGA Notifier 2.0.0048.0
ParetoLogic FileCure
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Rhapsody
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Microsoft Office Word 2007 (KB2251419)
Spybot - Search & Destroy
StuffIt Expander 2010
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
uTorrent
VC80CRTRedist - 8.0.50727.4053
VidaOne Diet and Fitness
VideoLAN VLC media player 0.8.1
VobSub v2.05 (Remove Only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinMount V3.3.0721
WinRAR archiver
WinZip 14.5
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
jksmith742003
Active Member
 
Posts: 5
Joined: December 3rd, 2010, 12:55 am

Re: Malware Problem?

Unread postby Gizzy » December 6th, 2010, 1:02 pm

Hi jksmith742003,
Is this computer used for personal use only or for business related activities as well?

Win 7 Advice:
  • All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.
  • The Operating System( Windows 7 ) in use comes with a inbuilt utility called User Access Control(UAC).
  • When prompted by this with anything I ask you to do carry out please select the option Allow.


P2P Warning!
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
Also take note that remnants of the above program(s) and any other P2P program found will be removed when cleaning.

While in Programs and Features also uninstall the following.
  • Spybot - Search & Destroy


Download and Run RSIT
  1. Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  2. Right-click on RSIT.exe and select Run as administrator to run RSIT
  3. Click Continue at the disclaimer screen
  4. Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  5. Copy & paste the contents of both logs in your next reply


Please reply with:
  • Answer to question
  • RSIT logs (log.txt and info.txt)
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Malware Problem?

Unread postby jksmith742003 » December 6th, 2010, 6:46 pm

Hi Gizzy,

Thanks for looking into my problem. To answer your question, this computer is for personal use. I followed all of your instructions. However, I was unable to uninstall Spybot Search & Destroy. When I clicked on uninstall, I received the following error message:

Messages file "c:\Programfiles/Spybot-Search&Destroy\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

FYI: Prior to contacting malwareremoval.com I attempted to uninstall Spybot Search & Destory and received the same error message. I also attempted to install a new version but was unsuccessful and received an error message. Unfortunately, I did not log the error message at the time.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Jenn at 2010-12-06 15:17:26
Microsoft Windows 7 Starter
System drive C: has 112 GB (50%) free of 223 GB
Total RAM: 1013 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:18:50 PM, on 12/6/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ParetoLogic\FileCure\FileCure.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinMount\WinMount3.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Jenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJPDDZVP\RSIT[1].exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\Jenn.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60468
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://www.honestmechanic.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12222 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\Norton Security Scan for Jenn.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-25 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-11-17 7866912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-05 150552]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2009-07-16 4562944]
"BTMeter"=C:\Program Files\Battery Meter\BTMeter.exe [2009-09-16 632176]
"WSED"=C:\Program Files\WSED\WSED.exe [2009-05-27 247080]
""= []
"CapsLKNotify"=C:\Program Files\CapsLKNotify\CapsLKNotify.exe [2009-06-09 320880]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-31 1164584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-25 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

C:\Users\Jenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2010-03-19 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-22 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-06 15:11:28 ----D---- C:\rsit
2010-12-06 12:11:02 ----D---- C:\Program Files\directx
2010-12-06 12:07:37 ----D---- C:\Program Files\Infogrames Interactive
2010-12-02 21:01:37 ----A---- C:\Windows\ntbtlog.txt
2010-12-02 20:53:54 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-12-02 20:53:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-23 18:59:14 ----D---- C:\Program Files\Common Files\Adobe
2010-11-23 18:59:14 ----D---- C:\Program Files\Adobe
2010-11-10 09:58:15 ----D---- C:\Users\Jenn\AppData\Roaming\Apple Computer
2010-11-10 09:56:10 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaws.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaw.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\java.exe
2010-11-10 09:27:48 ----D---- C:\ProgramData\Apple Computer
2010-11-09 22:15:59 ----D---- C:\Users\Jenn\AppData\Roaming\Elluminate

======List of files/folders modified in the last 1 months======

2010-12-06 15:18:00 ----D---- C:\Program Files\Trend Micro
2010-12-06 15:11:00 ----D---- C:\Windows\Temp
2010-12-06 15:05:17 ----RD---- C:\Program Files
2010-12-06 12:27:24 ----SHD---- C:\System Volume Information
2010-12-06 12:10:05 ----D---- C:\Windows
2010-12-06 12:07:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-06 12:04:59 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-06 08:13:01 ----D---- C:\Windows\System32
2010-12-06 08:13:01 ----D---- C:\Windows\inf
2010-12-06 08:13:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-05 21:44:06 ----D---- C:\Windows\system32\config
2010-12-05 08:55:09 ----D---- C:\ProgramData\FileCure
2010-12-03 07:35:41 ----SHD---- C:\Windows\Installer
2010-12-03 07:35:40 ----SHD---- C:\Config.Msi
2010-12-02 23:23:43 ----D---- C:\ProgramData\Microsoft Help
2010-12-02 21:06:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-02 21:06:09 ----D---- C:\Windows\system32\drivers
2010-12-01 18:50:13 ----D---- C:\Program Files\Google
2010-12-01 18:50:13 ----D---- C:\Program Files\7-Zip
2010-12-01 18:48:46 ----D---- C:\Windows\system32\catroot
2010-12-01 18:39:03 ----D---- C:\Windows\system32\DriverStore
2010-12-01 18:38:53 ----D---- C:\Program Files\Common Files
2010-12-01 18:35:45 ----D---- C:\Windows\system32\Tasks
2010-12-01 18:33:10 ----D---- C:\Program Files\FrostWire
2010-12-01 18:25:33 ----HD---- C:\ProgramData
2010-12-01 18:24:15 ----D---- C:\Users\Jenn\AppData\Roaming\Gygan
2010-12-01 18:17:38 ----D---- C:\Program Files\Dell Webcam
2010-12-01 18:17:30 ----D---- C:\Program Files\Creative
2010-12-01 18:11:05 ----D---- C:\Program Files\Common Files\SPSS
2010-11-30 17:09:13 ----D---- C:\Windows\Tasks
2010-11-28 23:24:10 ----D---- C:\Windows\system32\FxsTmp
2010-11-26 07:07:17 ----D---- C:\Windows\Prefetch
2010-11-25 01:03:54 ----D---- C:\Windows\Minidump
2010-11-23 22:12:33 ----D---- C:\ProgramData\Real
2010-11-23 22:12:27 ----D---- C:\Users\Jenn\AppData\Roaming\Real
2010-11-23 18:59:19 ----D---- C:\ProgramData\Adobe
2010-11-18 16:50:25 ----D---- C:\Windows\system32\NDF
2010-11-10 09:51:01 ----D---- C:\Program Files\Java
2010-11-10 09:28:14 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EMSC;COMPAL Embedded System Control; C:\Windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-14 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-21 173104]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-09-20 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSvix86.sys [2010-11-08 353912]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS [2010-04-21 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-28 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-05 339504]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R1 WMDrive;WMDrive; \??\C:\Windows\system32\drivers\WMDrive.sys [2010-07-26 46176]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-07-16 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-16 2506232]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 102448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-22 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-11-17 2804192]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.002\NAVENG.SYS [2010-10-21 86064]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.002\NAVEX15.SYS [2010-10-21 1371184]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-09-21 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-06-03 201968]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2009-07-16 26112]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2010-03-19 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-12-06 15:12:37

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Battery Meter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{543A4F31-9590-416A-A621-42CEB4C6A694} /l1033
CapsLKNotify-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{90578106-70AF-4198-B9DE-1924FA83B03A} /l1033
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cozi-->MsiExec.exe /X{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}
Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Dock-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
D-i-v-X AVI Codec Pack Pro 2.4.0-->C:\Windows\system32\C2MP\Uninst.exe
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EMSC-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{FEF06E73-A519-4510-8CF3-B66041B91D8A}
ffdshow-->"C:\Program Files\ffdshow\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Grammarly Add-In-->MsiExec.exe /I{F5350B7A-24CB-4E4B-A746-BF59BBD6185A}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\HUFFYUV.INF
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IZArc 4.1.2-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Mega Codec Pack 1.34-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /I{67635FB6-2F63-4FFB-830B-D4C01597EBA4}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\Setup.exe" -l0x9
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Norton Security Scan-->C:\Program Files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
Norton Security Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.3.0.5\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
ParetoLogic FileCure-->C:\Program Files\ParetoLogic\FileCure\uninstall.exe
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffIt Expander 2010-->MsiExec.exe /X{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VidaOne Diet and Fitness-->MsiExec.exe /I{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.05 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinMount V3.3.0721-->"C:\Program Files\WinMount\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1320
Source Name: RTL8167
Time Written: 20100608132208.727607-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1311
Source Name: RTL8167
Time Written: 20100608132159.552810-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1297
Source Name: RTL8167
Time Written: 20100608043655.537210-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1014
Message: Name resolution for the name updatekeepalive.mcafee.com timed out after none of the configured DNS servers responded.
Record Number: 1282
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100608043415.602318-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1270
Source Name: RTL8167
Time Written: 20100608043215.048815-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Jenn-PC
Event Code: 0
Message: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Record Number: 806
Source Name: Swapdrive Backup
Time Written: 20100609065803.000000-000
Event Type: Error
User:

Computer Name: Jenn-PC
Event Code: 4007
Message: The Windows logon process has failed to disconnect the user session.
Record Number: 761
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100609002253.000000-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 4622
Message: The COM+ Event System could not marshal the subscriber for subscription {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 755
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100608144808.000000-000
Event Type: Error
User:

Computer Name: Jenn-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-875612657-986133293-2342133017-1000:
Process 500 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-875612657-986133293-2342133017-1000

Record Number: 665
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100608132839.748505-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jenn-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: wltrynt SENS Logon Spy Subscription
Object description:
The HRESULT was 80070005.
Record Number: 662
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100608132836.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Jenn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-875612657-986133293-2342133017-1000
Account Name: Jenn
Account Domain: Jenn-PC
Logon ID: 0x238ab0
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1f4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: D5QRY0M1
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 348
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608043211.336008-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Jenn
Account Domain: Jenn-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x1f4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 347
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608043211.336008-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 346
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608040930.074864-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x200
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 345
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608040930.074864-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-875612657-986133293-2342133017-1000
Account Name: Jenn
Domain Name: Jenn-PC
Logon ID: 0x5e4bb
Record Number: 344
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100608040120.996325-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\Dell Wireless WLAN Card;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
jksmith742003
Active Member
 
Posts: 5
Joined: December 3rd, 2010, 12:55 am

Re: Malware Problem?

Unread postby jksmith742003 » December 6th, 2010, 6:47 pm

Hi Gizzy,

Thanks for looking into my problem. To answer your question, this computer is for personal use. I followed all of your instructions. However, I was unable to uninstall Spybot Search & Destroy. When I clicked on uninstall, I received the following error message:

Messages file "c:\Programfiles/Spybot-Search&Destroy\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program.

FYI: Prior to contacting malwareremoval.com I attempted to uninstall Spybot Search & Destory and received the same error message. I also attempted to install a new version but was unsuccessful and received an error message. Unfortunately, I did not log the error message at the time. Below are the logs you requested. Thanks again for your help!


Logfile of random's system information tool 1.08 (written by random/random)
Run by Jenn at 2010-12-06 15:17:26
Microsoft Windows 7 Starter
System drive C: has 112 GB (50%) free of 223 GB
Total RAM: 1013 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:18:50 PM, on 12/6/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ParetoLogic\FileCure\FileCure.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinMount\WinMount3.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Jenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJPDDZVP\RSIT[1].exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\Jenn.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60468
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://www.honestmechanic.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12222 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\Norton Security Scan for Jenn.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-25 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-11-17 7866912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-05 150552]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2009-07-16 4562944]
"BTMeter"=C:\Program Files\Battery Meter\BTMeter.exe [2009-09-16 632176]
"WSED"=C:\Program Files\WSED\WSED.exe [2009-05-27 247080]
""= []
"CapsLKNotify"=C:\Program Files\CapsLKNotify\CapsLKNotify.exe [2009-06-09 320880]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-31 1164584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-25 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

C:\Users\Jenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2010-03-19 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-22 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-06 15:11:28 ----D---- C:\rsit
2010-12-06 12:11:02 ----D---- C:\Program Files\directx
2010-12-06 12:07:37 ----D---- C:\Program Files\Infogrames Interactive
2010-12-02 21:01:37 ----A---- C:\Windows\ntbtlog.txt
2010-12-02 20:53:54 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-12-02 20:53:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-23 18:59:14 ----D---- C:\Program Files\Common Files\Adobe
2010-11-23 18:59:14 ----D---- C:\Program Files\Adobe
2010-11-10 09:58:15 ----D---- C:\Users\Jenn\AppData\Roaming\Apple Computer
2010-11-10 09:56:10 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaws.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaw.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\java.exe
2010-11-10 09:27:48 ----D---- C:\ProgramData\Apple Computer
2010-11-09 22:15:59 ----D---- C:\Users\Jenn\AppData\Roaming\Elluminate

======List of files/folders modified in the last 1 months======

2010-12-06 15:18:00 ----D---- C:\Program Files\Trend Micro
2010-12-06 15:11:00 ----D---- C:\Windows\Temp
2010-12-06 15:05:17 ----RD---- C:\Program Files
2010-12-06 12:27:24 ----SHD---- C:\System Volume Information
2010-12-06 12:10:05 ----D---- C:\Windows
2010-12-06 12:07:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-06 12:04:59 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-06 08:13:01 ----D---- C:\Windows\System32
2010-12-06 08:13:01 ----D---- C:\Windows\inf
2010-12-06 08:13:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-05 21:44:06 ----D---- C:\Windows\system32\config
2010-12-05 08:55:09 ----D---- C:\ProgramData\FileCure
2010-12-03 07:35:41 ----SHD---- C:\Windows\Installer
2010-12-03 07:35:40 ----SHD---- C:\Config.Msi
2010-12-02 23:23:43 ----D---- C:\ProgramData\Microsoft Help
2010-12-02 21:06:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-02 21:06:09 ----D---- C:\Windows\system32\drivers
2010-12-01 18:50:13 ----D---- C:\Program Files\Google
2010-12-01 18:50:13 ----D---- C:\Program Files\7-Zip
2010-12-01 18:48:46 ----D---- C:\Windows\system32\catroot
2010-12-01 18:39:03 ----D---- C:\Windows\system32\DriverStore
2010-12-01 18:38:53 ----D---- C:\Program Files\Common Files
2010-12-01 18:35:45 ----D---- C:\Windows\system32\Tasks
2010-12-01 18:33:10 ----D---- C:\Program Files\FrostWire
2010-12-01 18:25:33 ----HD---- C:\ProgramData
2010-12-01 18:24:15 ----D---- C:\Users\Jenn\AppData\Roaming\Gygan
2010-12-01 18:17:38 ----D---- C:\Program Files\Dell Webcam
2010-12-01 18:17:30 ----D---- C:\Program Files\Creative
2010-12-01 18:11:05 ----D---- C:\Program Files\Common Files\SPSS
2010-11-30 17:09:13 ----D---- C:\Windows\Tasks
2010-11-28 23:24:10 ----D---- C:\Windows\system32\FxsTmp
2010-11-26 07:07:17 ----D---- C:\Windows\Prefetch
2010-11-25 01:03:54 ----D---- C:\Windows\Minidump
2010-11-23 22:12:33 ----D---- C:\ProgramData\Real
2010-11-23 22:12:27 ----D---- C:\Users\Jenn\AppData\Roaming\Real
2010-11-23 18:59:19 ----D---- C:\ProgramData\Adobe
2010-11-18 16:50:25 ----D---- C:\Windows\system32\NDF
2010-11-10 09:51:01 ----D---- C:\Program Files\Java
2010-11-10 09:28:14 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EMSC;COMPAL Embedded System Control; C:\Windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-14 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-21 173104]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-09-20 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSvix86.sys [2010-11-08 353912]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS [2010-04-21 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-28 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-05 339504]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R1 WMDrive;WMDrive; \??\C:\Windows\system32\drivers\WMDrive.sys [2010-07-26 46176]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-07-16 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-16 2506232]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 102448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-22 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-11-17 2804192]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.002\NAVENG.SYS [2010-10-21 86064]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.002\NAVEX15.SYS [2010-10-21 1371184]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-09-21 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-06-03 201968]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2009-07-16 26112]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2010-03-19 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-12-06 15:12:37

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Battery Meter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{543A4F31-9590-416A-A621-42CEB4C6A694} /l1033
CapsLKNotify-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{90578106-70AF-4198-B9DE-1924FA83B03A} /l1033
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cozi-->MsiExec.exe /X{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}
Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Dock-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX 4.11 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
D-i-v-X AVI Codec Pack Pro 2.4.0-->C:\Windows\system32\C2MP\Uninst.exe
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EMSC-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{FEF06E73-A519-4510-8CF3-B66041B91D8A}
ffdshow-->"C:\Program Files\ffdshow\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Grammarly Add-In-->MsiExec.exe /I{F5350B7A-24CB-4E4B-A746-BF59BBD6185A}
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\HUFFYUV.INF
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IZArc 4.1.2-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Mega Codec Pack 1.34-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /I{67635FB6-2F63-4FFB-830B-D4C01597EBA4}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Monopoly-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\Setup.exe" -l0x9
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Norton Security Scan-->C:\Program Files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
Norton Security Suite-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\4.3.0.5\InstStub.exe /X
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
ParetoLogic FileCure-->C:\Program Files\ParetoLogic\FileCure\uninstall.exe
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffIt Expander 2010-->MsiExec.exe /X{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VidaOne Diet and Fitness-->MsiExec.exe /I{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.05 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinMount V3.3.0721-->"C:\Program Files\WinMount\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======System event log======

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1320
Source Name: RTL8167
Time Written: 20100608132208.727607-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1311
Source Name: RTL8167
Time Written: 20100608132159.552810-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1297
Source Name: RTL8167
Time Written: 20100608043655.537210-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 1014
Message: Name resolution for the name updatekeepalive.mcafee.com timed out after none of the configured DNS servers responded.
Record Number: 1282
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100608043415.602318-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Jenn-PC
Event Code: 1
Message: Realtek PCIe FE Family Controller is disconnected from network.
Record Number: 1270
Source Name: RTL8167
Time Written: 20100608043215.048815-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Jenn-PC
Event Code: 0
Message: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()
Record Number: 806
Source Name: Swapdrive Backup
Time Written: 20100609065803.000000-000
Event Type: Error
User:

Computer Name: Jenn-PC
Event Code: 4007
Message: The Windows logon process has failed to disconnect the user session.
Record Number: 761
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100609002253.000000-000
Event Type: Warning
User:

Computer Name: Jenn-PC
Event Code: 4622
Message: The COM+ Event System could not marshal the subscriber for subscription {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 755
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100608144808.000000-000
Event Type: Error
User:

Computer Name: Jenn-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-875612657-986133293-2342133017-1000:
Process 500 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-875612657-986133293-2342133017-1000

Record Number: 665
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100608132839.748505-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jenn-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: wltrynt SENS Logon Spy Subscription
Object description:
The HRESULT was 80070005.
Record Number: 662
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100608132836.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Jenn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-875612657-986133293-2342133017-1000
Account Name: Jenn
Account Domain: Jenn-PC
Logon ID: 0x238ab0
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x1f4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: D5QRY0M1
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 348
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608043211.336008-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Jenn
Account Domain: Jenn-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x1f4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 347
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608043211.336008-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 346
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608040930.074864-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: D5QRY0M1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x200
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 345
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100608040930.074864-000
Event Type: Audit Success
User:

Computer Name: Jenn-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-875612657-986133293-2342133017-1000
Account Name: Jenn
Domain Name: Jenn-PC
Logon ID: 0x5e4bb
Record Number: 344
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100608040120.996325-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\Dell Wireless WLAN Card;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=1c0a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
jksmith742003
Active Member
 
Posts: 5
Joined: December 3rd, 2010, 12:55 am

Re: Malware Problem?

Unread postby Gizzy » December 7th, 2010, 12:17 pm

Hi jksmith742003,

I see you're running RSIT from a temporary location.
C:\Users\Jenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJPDDZVP\RSIT[1].exe
Please move it to your desktop,
It's important that you save all tools where I ask so that they function properly.


Take note of this:
Total RAM: 1013 MB (12% free)

Your computer is using almost all of it's system memory,

If you wish to upgrade the installed memory in your system, Crucial has a small scanner (CrucialScan.exe) which is perfectly safe to download and run in Admin mode. Which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.


Disable Spybot's TeaTimer. This is a two step process.
First step:
  1. Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  2. If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  3. If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version:
  1. Open Spybot S&D (Right-click and select Run as administrator)
  2. Click Mode, choose Advanced Mode
  3. Go To the bottom of the Vertical Panel on the Left, Click Tools
  4. then, also in left panel, click Resident shows a red/white shield.
  5. If your firewall raises a question, say OK
  6. In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  7. OK any prompts.
  8. Use File, Exit to terminate Spybot
  9. Reboot your machine for the changes to take effect.


Fix HijackThis Entries
  1. Open HijackThis (Right-click and select Run as administrator)
  2. Click Scan
  3. Tick the box next to the following entries (if present)

    • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60468
    • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60468
    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    • O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    • O15 - Trusted Zone: http://download.cnet.com
    • O15 - Trusted Zone: http://www.honestmechanic.com
    • O17 - HKLM\System\CCS\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
    • O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
    • O17 - HKLM\System\CS1\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
    • O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6
    • O17 - HKLM\System\CS2\Services\Tcpip\..\{8B616E7B-EAB5-42C8-8F99-5FCF0DC5E716}: NameServer = 93.188.163.67,93.188.166.6
    • O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.67,93.188.166.6

  4. Close all open windows/browsers and click Fix checked
  5. Reboot your computer


TFC (Temp File Cleaner)
  1. Please download TFC from here and save it to your desktop.
  2. Right-click TFC.exe and select Run as administrator to run the program.
  3. Click the Start button in the bottom left of TFC
  4. If prompted, click Yes to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


Download and run Rkill
Please download Rkill from one of the following links and save it to your Desktop:

One, Two, Three or Four

  1. Right-click on Rkill and select Run as administrator to run it.
  2. A command window will open then disappear upon completion, this is normal.
  3. When finished, Notepad will open with a log called, "rkill.log".
  4. Please copy and paste the contents of the rkill.log in your next reply.
  5. The file is automatically saved... located at C:\rkill.log.
  6. Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


Rename and Run Malwarebytes' Anti-Malware
  1. Right-click the Start button, And click Explore
  2. Navigate to C:\Program Files\Malwarebytes' Anti-Malware
  3. Right-click the mbam file, Select Rename
  4. Name it jksmith742003.exe and hit the Enter key
  5. Right-click jksmith742003.exe and select Run as administrator
  6. Click the Update tab.
  7. Click Check for Updates and wait for it to finish updating.
  8. Click the Scanner tab, Select Perform quick scan, Then click Scan.
  9. When the scan is complete, click OK, then Show Results to view the results.
  10. Check all items except items in the C:\System Volume Information folder, then click on Remove Selected.
  11. When completed, a log will open in Notepad. Please post that log in your next reply.

The log is automatically saved and can be viewed by clicking the Logs tab in Malwarebytes' Anti-Malware. It can also be found here:
  • C:\Users\Username\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Run RSIT
You should still have this program on your desktop.

  1. Right-click on RSIT.exe and select Run as administrator to run RSIT
  2. Click Continue at the disclaimer screen
  3. Once it has finished, only one log will open, log.txt (<<will be maximized)
  4. Copy & paste the contents of the log in your next reply


Please reply with:
  • Rkill log
  • Malwarebytes' Anti-Malware log
  • RSIT log
  • Update on computer performance
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Malware Problem?

Unread postby jksmith742003 » December 7th, 2010, 4:02 pm

Hi Gizzy,

I was able to complete all of your instructions, except for removing Spybot Search & Destroy. I was able to complete the first step, but was unable to get spybot S&D to run at all. Unfortunately, I am still experiencing my initial problems. For example, I attempted to use a search engine (yahoo.com) several times, when I clicked on a link from the search results, I was redirected to different websites( i.e. http://185_48813.admarketplace.com, http://scour.com). Below are the logs you requested.

Rkill Log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 12/07/2010 at 11:49:10.
Operating System: Windows 7 Starter
Processes terminated by Rkill or while it was running:

Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5263

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/7/2010 12:12:46 PM
mbam-log-2010-12-07 (12-12-46).txt

Scan type: Quick scan
Objects scanned: 141278
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\uninstall ask toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.

RSIT Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jenn at 2010-12-07 12:24:21
Microsoft Windows 7 Starter
System drive C: has 114 GB (51%) free of 223 GB
Total RAM: 1013 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:13 PM, on 12/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\Program Files\WSED\WSED.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jenn\Desktop\RSIT.exe
C:\Program Files\trend micro\Jenn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\jksmith742003.exe.exe" /runcleanupscript
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10581 bytes

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\Norton Security Scan for Jenn.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-25 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL [2009-11-16 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll [2010-09-03 396144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 1692968]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-11-17 7866912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-05 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-05 150552]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [2009-07-16 4562944]
"BTMeter"=C:\Program Files\Battery Meter\BTMeter.exe [2009-09-16 632176]
"WSED"=C:\Program Files\WSED\WSED.exe [2009-05-27 247080]
""= []
"CapsLKNotify"=C:\Program Files\CapsLKNotify\CapsLKNotify.exe [2009-06-09 320880]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-08-31 1164584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-25 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\jksmith742003.exe.exe [2010-11-29 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

C:\Users\Jenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2010-03-19 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-22 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-07 11:58:35 ----D---- C:\Users\Jenn\AppData\Roaming\Malwarebytes
2010-12-06 15:11:28 ----D---- C:\rsit
2010-12-06 12:11:02 ----D---- C:\Program Files\directx
2010-12-06 12:07:37 ----D---- C:\Program Files\Infogrames Interactive
2010-12-02 21:01:37 ----A---- C:\Windows\ntbtlog.txt
2010-12-02 20:53:54 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-12-02 20:53:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-23 18:59:14 ----D---- C:\Program Files\Common Files\Adobe
2010-11-23 18:59:14 ----D---- C:\Program Files\Adobe
2010-11-10 09:58:15 ----D---- C:\Users\Jenn\AppData\Roaming\Apple Computer
2010-11-10 09:56:10 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaws.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\javaw.exe
2010-11-10 09:51:26 ----A---- C:\Windows\system32\java.exe
2010-11-10 09:27:48 ----D---- C:\ProgramData\Apple Computer
2010-11-09 22:15:59 ----D---- C:\Users\Jenn\AppData\Roaming\Elluminate

======List of files/folders modified in the last 1 months======

2010-12-07 12:24:34 ----D---- C:\Program Files\Trend Micro
2010-12-07 12:24:15 ----D---- C:\Windows\Temp
2010-12-07 12:15:50 ----SHD---- C:\System Volume Information
2010-12-07 12:15:27 ----D---- C:\Windows\system32\drivers
2010-12-07 12:14:58 ----D---- C:\Windows\system32\config
2010-12-07 12:14:16 ----D---- C:\Windows\system32\catroot
2010-12-07 12:14:15 ----D---- C:\Windows\system32\catroot2
2010-12-07 12:14:11 ----D---- C:\Windows\winsxs
2010-12-07 12:13:31 ----D---- C:\Windows\Branding
2010-12-07 12:12:46 ----RD---- C:\Program Files
2010-12-07 11:58:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-07 06:53:08 ----D---- C:\Windows\System32
2010-12-07 06:53:08 ----D---- C:\Windows\inf
2010-12-07 06:53:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-06 16:53:43 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-06 16:53:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-06 12:10:05 ----D---- C:\Windows
2010-12-05 08:55:09 ----D---- C:\ProgramData\FileCure
2010-12-03 07:35:41 ----SHD---- C:\Windows\Installer
2010-12-03 07:35:40 ----SHD---- C:\Config.Msi
2010-12-02 23:23:43 ----D---- C:\ProgramData\Microsoft Help
2010-12-01 18:50:13 ----D---- C:\Program Files\Google
2010-12-01 18:50:13 ----D---- C:\Program Files\7-Zip
2010-12-01 18:39:03 ----D---- C:\Windows\system32\DriverStore
2010-12-01 18:38:53 ----D---- C:\Program Files\Common Files
2010-12-01 18:35:45 ----D---- C:\Windows\system32\Tasks
2010-12-01 18:33:10 ----D---- C:\Program Files\FrostWire
2010-12-01 18:25:33 ----HD---- C:\ProgramData
2010-12-01 18:24:15 ----D---- C:\Users\Jenn\AppData\Roaming\Gygan
2010-12-01 18:17:38 ----D---- C:\Program Files\Dell Webcam
2010-12-01 18:17:30 ----D---- C:\Program Files\Creative
2010-12-01 18:11:05 ----D---- C:\Program Files\Common Files\SPSS
2010-11-30 17:09:13 ----D---- C:\Windows\Tasks
2010-11-28 23:24:10 ----D---- C:\Windows\system32\FxsTmp
2010-11-26 07:07:17 ----D---- C:\Windows\Prefetch
2010-11-25 01:03:54 ----D---- C:\Windows\Minidump
2010-11-23 22:12:33 ----D---- C:\ProgramData\Real
2010-11-23 22:12:27 ----D---- C:\Users\Jenn\AppData\Roaming\Real
2010-11-23 18:59:19 ----D---- C:\ProgramData\Adobe
2010-11-18 16:50:25 ----D---- C:\Windows\system32\NDF
2010-11-10 09:51:01 ----D---- C:\Program Files\Java
2010-11-10 09:28:14 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EMSC;COMPAL Embedded System Control; C:\Windows\system32\DRIVERS\EMSC.SYS [2009-06-26 13680]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-14 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-21 173104]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-09-20 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101201.001\IDSvix86.sys [2010-11-08 353912]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS [2010-04-21 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-28 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-05 339504]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R1 WMDrive;WMDrive; \??\C:\Windows\system32\drivers\WMDrive.sys [2010-07-26 46176]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-16 2506232]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-03-12 143840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 102448]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-22 4808192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-11-17 2804192]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.049\NAVENG.SYS [2010-10-21 86064]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101206.049\NAVEX15.SYS [2010-10-21 1371184]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-09-21 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 242992]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-07-16 18424]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 174592]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 N360;Norton Security Suite; C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-06-03 201968]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE [2009-07-16 26112]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2010-03-19 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
jksmith742003
Active Member
 
Posts: 5
Joined: December 3rd, 2010, 12:55 am

Re: Malware Problem?

Unread postby Gizzy » December 8th, 2010, 1:24 pm

Hi jksmith742003,

Download ERUNT to backup the Registry
  1. Please click here to download ERUNT and save it to your desktop.
  2. Right-click on erunt-setup.exe and select Run as administrator
  3. Follow the prompts to install ERUNT.
  4. Use the default install settings but say No to the part that asks you to add ERUNT to the Startup folder. You can enable this option later if you want.
  5. Start ERUNT either by right-clicking on the desktop icon and selecting Run as administrator or choosing to start the program at the end of the setup process.
  6. Choose a location for the backup, The default location is C:\WINDOWS\ERDNT which is acceptable.
  7. Make sure that at least the first two check boxes are selected.
  8. Click on OK.
  9. Then click on Yes to create the folder.


Download and run OTM
  1. Please download OTM to your Desktop.
  2. Right-click OTM.exe and select Run as administrator to run it.
  3. Copy and Paste the contents of the Code box below into the Paste Instructions for Items to be Moved box (under the yellow bar)
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
    
    :Files
    C:\Program Files\FrostWire
    C:\Users\Jenn\AppData\Roaming\Gygan
    
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    [start explorer]
    [Reboot]
  4. Then click the red MoveIt! button.
  5. Copy everything in the Results box (under the green bar) and paste it into your next reply.

    Note: If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.


Reset Hosts File
Download HostsXpert and unzip it to your computer, Somewhere you can find it.
  1. Right-click on HostsXpert.exe and select Run as administrator to launch the program.
  2. Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  3. Click on Make ReadOnly to secure it against further infection.
  4. Exit the program.


Gmer Rootkit Scanner
Download GMER Rootkit Scanner from here & save it to your desktop.
  1. Right-click the .exe file and select Run as administrator. If asked to allow gmer.sys driver to load, please consent
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Image
      Click the image to enlarge it
  4. Then click the Scan button & wait for it to finish
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.


Run RSIT
Ensure rsit.exe is on your desktop

  1. Click the Windows Start > All programs > Accessories then Run
  2. Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info
  3. Click Continue at the disclaimer screen
  4. Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  5. Copy & paste the contents of both logs in your next reply


Please reply with:
  • OTM results
  • Gmer log
  • RSIT logs (log.txt and info.txt)
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Malware Problem?

Unread postby Gizzy » December 10th, 2010, 2:38 pm

Hi jksmith742003,

Do you still require assistance?
If you do not reply to this topic within 24 hours of this post, it will be closed due to inactivity.
User avatar
Gizzy
Retired Graduate
 
Posts: 1101
Joined: December 30th, 2008, 9:54 pm
Location: NJ, USA

Re: Malware Problem?

Unread postby Cypher » December 11th, 2010, 2:40 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware