Free Malware Removal Forum

[ih8spam]

Hi new to the forum..thanks for the support

I experience new internet browsers that come on that i can not close because they don't appear in a new window or tab.. It just starts to play music or a radio station all by itself and there is no window to close when i go to task manager t here is 5 or 6 internet explorer process going and i don't now which one to terminate. I tried removing all start up files and not start with any processes but it still happens... sorry if there is more then one problem in link if i need to seperate please let me know
I have attacked my log so hope someone can help..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:09 AM, on 16/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&clie ... bd=5070719
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&clie ... bd=5070719
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\3.11.5.14760\stb0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\Palm\Hotsync.exe" -AllUsers
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... CANNER.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c921b2a16463c0) (gupdate1c921b2a16463c0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 7629 bytes

--
End of file - 16455 bytes

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[Dakeyras]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi ih8spam and welcome to Malware Removal

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!.
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System(Vista aka Windows 6) in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Next:

Please reboot(restart)your computer into Normal mode please, as this will enable myself to retrieve a more accurate set of logs from the below.

I have identified several problems so far but as mentioned I do need your computer running in normal mode for the below scans, thank you.

Scan with Rooter:

Please download Rooter.exe to your desktop.

• Right-click on Rooter.exe and select Run as Administrator to start the application.
• Now click on the Scan button.
• When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
• Now click on Close button to exit Rooter.

Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$

Scan with RSIT:

• Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on the your Desktop before running the application!

• Right click on RSIT.exe and select Run as Administrator to start RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any further symptoms and or problems encountered?
• Rooter Log.
• Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

[ih8spam]

Thank you for your attention to my post

here are the logs as per your request

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 2, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.0.11 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:138 Go - Free:93 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 23:48.33
Path : C:\Users\dad\Desktop\Rooter.exe
User : dad ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (448)
______ C:\Windows\system32\csrss.exe (572)
______ C:\Windows\system32\wininit.exe (628)
______ C:\Windows\system32\services.exe (672)
______ C:\Windows\system32\lsass.exe (724)
______ C:\Windows\system32\lsm.exe (736)
______ C:\Windows\system32\svchost.exe (892)
______ C:\Windows\system32\svchost.exe (972)
______ C:\Windows\system32\svchost.exe (1032)
______ C:\Windows\System32\svchost.exe (1084)
______ C:\Windows\System32\svchost.exe (1132)
______ C:\Windows\System32\svchost.exe (1200)
______ C:\Windows\System32\svchost.exe (1240)
______ C:\Windows\system32\svchost.exe (1272)
Locked audiodg.exe (1328)
______ C:\Windows\system32\svchost.exe (1412)
______ C:\Windows\system32\SLsvc.exe (1460)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1704)
______ C:\Windows\System32\spoolsv.exe (2000)
______ C:\Windows\system32\svchost.exe (2032)
______ C:\Windows\system32\svchost.exe (784)
______ C:\Windows\system32\svchost.exe (1744)
______ C:\Windows\system32\svchost.exe (1344)
______ C:\Windows\System32\svchost.exe (2060)
______ C:\Windows\System32\svchost.exe (2096)
______ C:\Windows\System32\svchost.exe (2140)
______ C:\Windows\system32\svchost.exe (2196)
______ C:\Windows\System32\tcpsvcs.exe (2212)
______ C:\Windows\system32\svchost.exe (2240)
______ C:\Windows\System32\svchost.exe (2296)
______ C:\Windows\system32\SearchIndexer.exe (2352)
______ C:\Windows\system32\WUDFHost.exe (2496)
______ C:\Windows\system32\taskeng.exe (2992)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (3296)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (3388)
______ C:\Windows\system32\svchost.exe (3936)
______ C:\Windows\system32\csrss.exe (4976)
______ C:\Windows\system32\winlogon.exe (1304)
______ C:\Windows\system32\Dwm.exe (2936)
______ C:\Windows\system32\taskeng.exe (4712)
______ C:\Windows\Explorer.EXE (3696)
______ C:\Program Files\Alwil Software\Avast4\ashDisp.exe (7056)
______ C:\Windows\system32\wbem\unsecapp.exe (4028)
______ C:\Windows\system32\wbem\wmiprvse.exe (6152)
______ C:\Windows\system32\wuauclt.exe (6644)
______ C:\Windows\System32\mobsync.exe (11260)
______ C:\Program Files\Internet Explorer\iexplore.exe (13952)
______ C:\Program Files\Internet Explorer\iexplore.exe (8768)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (10188)
______ C:\Program Files\Internet Explorer\Iexplore.exe (6156)
______ C:\Program Files\Internet Explorer\Iexplore.exe (3720)
______ C:\Users\dad\Desktop\RSIT.exe (13688)
______ C:\Windows\system32\wbem\wmiprvse.exe (2344)
______ C:\Windows\system32\SearchProtocolHost.exe (8888)
______ C:\Windows\system32\SearchFilterHost.exe (7684)
______ C:\Windows\system32\SearchProtocolHost.exe (10844)
______ C:\Windows\system32\DllHost.exe (6884)
______ C:\Windows\system32\DllHost.exe (12816)
______ C:\Users\dad\Desktop\Rooter.exe (8120)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 (Start_Offset:50331648 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10787749888 | Length:149210267648)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachine.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{800D552F-DC87-4C5F-A54B-2A66EB38DC9C}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Bitdownload
==> Lop <==
.
----------------------\\ Scan completed at 23:48.51
.
C:\Rooter$\Rooter_2.txt - (19/07/2009 | 23:48.51)

[ih8spam]

hi here is the other file

Logfile of random's system information tool 1.06 (written by random/random)
Run by dad at 2009-07-19 23:54:56
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 96 GB (67%) free of 142 GB
Total RAM: 2043 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:00 PM, on 19/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\dad\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&clie ... bd=5070719
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&clie ... bd=5070719
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\3.11.5.14760\stb0.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/file ... _en_US.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... CANNER.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1c921b2a16463c0) (gupdate1c921b2a16463c0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 7073 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{800D552F-DC87-4C5F-A54B-2A66EB38DC9C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Bell\Security Manager\pkR.dll [2008-03-10 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll [2008-11-11 299240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\3.11.5.14760\stb0.dll [2009-06-03 1134872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"postSetupCheck"= []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Bell\Security Manager\ZkRunOnceR.exe [2008-03-10 13552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bat Clock Vga Audio]
C:\ProgramData\Grim Show Two.vbgjk9g [2007-07-24 344080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BellCanada_McciTrayApp]
C:\Program Files\BellCanada\McciTrayApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant]
LBTWIZ.EXE -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bolt warn]
C:\ProgramData\4 Scr Scr.xamcly5 [2007-07-26 61456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe [2007-03-16 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grey pop cake audio]
C:\ProgramData\slow peak gram.fmv3jd [2007-07-24 221200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-02-11 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
C:\Program Files\Palm\Hotsync.exe [2008-01-03 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-02-11 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-26 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-25 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sympatico Security Manager]
C:\Program Files\Bell\Security Manager\Rps.exe [2008-03-10 311024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-23 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]
C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\Hotsync.exe [2008-01-03 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2008-05-02 805392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
"DisableTaskmgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{119481b7-35fb-11dc-94b1-806e6f6e6963}]
shell\AutoRun\command - E:\AUTORUN.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-19 23:45:10 ----D---- C:\rsit
2009-07-19 23:43:48 ----D---- C:\Rooter$
2009-07-16 14:50:55 ----D---- C:\Users\dad\AppData\Roaming\FileMaker
2009-07-16 14:47:48 ----D---- C:\Program Files\Big Hammer
2009-07-16 12:47:03 ----D---- C:\Windows\system32\Dell
2009-07-15 08:28:27 ----A---- C:\Windows\system32\aswBoot.exe
2009-07-15 08:28:25 ----D---- C:\Program Files\Alwil Software
2009-07-14 22:07:53 ----D---- C:\Users\dad\AppData\Roaming\SmartDraw
2009-07-14 22:05:34 ----D---- C:\SmartDraw 2009
2009-07-14 21:48:52 ----SHD---- C:\Windows\ftpcache
2009-07-14 21:31:20 ----D---- C:\Windows\system32\Adobe
2009-07-14 21:22:11 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 21:22:11 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 21:22:11 ----A---- C:\Windows\system32\dciman32.dll
2009-07-14 21:22:11 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 14:24:36 ----D---- C:\Program Files\Trend Micro
2009-07-14 13:41:27 ----D---- C:\Program Files\Panda Security
2009-07-14 13:05:44 ----D---- C:\Users\dad\AppData\Roaming\Foxit
2009-07-10 01:27:00 ----D---- C:\ProgramData\WindowsSearch
2009-07-07 09:28:33 ----D---- C:\Program Files\Foxit Software
2009-07-07 08:49:53 ----D---- C:\Program Files\CA(1)
2009-07-07 08:25:15 ----D---- C:\ProgramData\HP Product Assistant
2009-07-06 23:54:08 ----D---- C:\inetpub
2009-06-28 09:29:59 ----D---- C:\Program Files\CA

======List of files/folders modified in the last 1 months======

2009-07-19 23:53:07 ----D---- C:\Windows\Temp
2009-07-19 23:51:53 ----D---- C:\Windows\Prefetch
2009-07-19 18:15:47 ----D---- C:\Windows\System32
2009-07-16 22:21:55 ----SHD---- C:\Windows\Installer
2009-07-16 22:21:48 ----SHD---- C:\System Volume Information
2009-07-16 18:19:59 ----D---- C:\Windows\inf
2009-07-16 18:19:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-16 18:15:19 ----D---- C:\Windows\Minidump
2009-07-16 18:15:19 ----D---- C:\Windows
2009-07-16 18:02:19 ----AD---- C:\Windows\pss
2009-07-16 17:39:34 ----D---- C:\Windows\system32\catroot
2009-07-16 17:39:09 ----D---- C:\Windows\system32\drivers
2009-07-16 17:35:23 ----D---- C:\Windows\system32\catroot2
2009-07-16 14:48:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-16 14:47:48 ----RD---- C:\Program Files
2009-07-16 13:58:06 ----A---- C:\Windows\ntbtlog.txt
2009-07-16 12:47:05 ----SD---- C:\Windows\Downloaded Program Files
2009-07-16 12:47:03 ----D---- C:\Program Files\Dell
2009-07-15 12:46:51 ----D---- C:\Windows\winsxs
2009-07-15 12:35:33 ----D---- C:\Program Files\MAIET
2009-07-15 12:34:18 ----HD---- C:\ProgramData
2009-07-15 11:42:46 ----D---- C:\Program Files\MyHeritage
2009-07-14 22:06:31 ----D---- C:\Windows\Tasks
2009-07-14 21:38:01 ----D---- C:\Program Files\Windows Mail
2009-07-14 21:32:37 ----D---- C:\Windows\system32\Macromed
2009-07-14 19:19:25 ----D---- C:\Windows\system32\Tasks
2009-07-14 13:11:43 ----D---- C:\ProgramData\HP
2009-07-10 13:28:46 ----D---- C:\Windows\system32\config
2009-07-10 13:28:36 ----D---- C:\Windows\system32\spool
2009-07-10 13:28:36 ----D---- C:\Windows\system32\Msdtc
2009-07-10 13:28:36 ----D---- C:\Windows\system32\CodeIntegrity
2009-07-10 13:28:36 ----D---- C:\Windows\rescache
2009-07-10 13:28:35 ----D---- C:\ProgramData\Part Hide Grey Pop
2009-07-10 13:28:35 ----D---- C:\Program Files\Common Files\Scanner
2009-07-10 13:28:35 ----ADC---- C:\Windows\system32\DRVSTORE
2009-07-10 13:28:34 ----D---- C:\Windows\system32\wbem
2009-07-10 13:28:34 ----D---- C:\Windows\registration
2009-07-10 13:28:11 ----D---- C:\Program Files\Raxco
2009-07-07 11:10:56 ----A---- C:\Windows\system32\mrt.exe
2009-07-07 08:23:32 ----D---- C:\Users\dad\AppData\Roaming\Real
2009-07-07 08:22:04 ----D---- C:\Users\dad\AppData\Roaming\InstallShield
2009-07-06 23:56:44 ----D---- C:\ProgramData\NOS
2009-07-06 23:56:41 ----D---- C:\Program Files\NOS
2009-07-06 23:54:08 ----D---- C:\Windows\system32\migration
2009-07-06 23:54:08 ----D---- C:\Windows\system32\inetsrv
2009-07-06 23:54:08 ----D---- C:\Windows\system32\en-US
2009-07-06 23:45:32 ----SD---- C:\ProgramData\Microsoft
2009-07-06 11:56:25 ----RSD---- C:\Windows\assembly
2009-07-06 11:56:25 ----D---- C:\Windows\Microsoft.NET
2009-07-06 11:31:06 ----D---- C:\Program Files\Common Files
2009-07-06 11:10:35 ----D---- C:\ProgramData\Adobe
2009-07-06 11:10:31 ----D---- C:\Program Files\Common Files\Adobe
2009-07-06 11:10:30 ----D---- C:\Program Files\Adobe
2009-06-25 03:00:33 ----D---- C:\Program Files\Internet Explorer
2009-06-20 11:09:35 ----D---- C:\Program Files\Bell GamesMania

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 CSS DVP;Dynamic Virus Protection; C:\Windows\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-09 113664]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2008-01-09 55296]
R3 ATIAVPCI;ATI Unified AVStream service; C:\Windows\system32\DRIVERS\atinavrr.sys [2008-05-15 813696]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-29 228224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-05-11 1921184]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-05-11 41888]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-05-11 3580832]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 RimSerPort;RIM Virtual Serial Port; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-04-26 304920]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c921b2a16463c0;Google Update Service (gupdate1c921b2a16463c0); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S4 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe [2007-07-09 177416]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S4 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056]
S4 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736]
S4 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
S4 Radialpoint Security Services;Sympatico Security Manager; C:\Program Files\Bell\Security Manager\RpsSecurityAware.exe [2008-03-10 67824]
S4 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S4 RP_FWS;Sympatico Security Manager Firewall; C:\Program Files\Bell\Security Manager\Fws.exe [2008-03-10 303344]
S4 RPSUpdaterR;Sympatico Security Manager Update Service; C:\Program Files\Bell\Security Manager\rpsupdaterR.exe [2008-03-10 99568]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248]

-----------------EOF-----------------

[ih8spam]

an Info.txt file did not create and when i tried to do search it came back no file found ..

[Dakeyras]

Hi

Thank you for your attention to my post

You're welcome!

I notice the admin account of this computer is named dad, if you have family members who have access to this computer could you please make sure that no one else but your good self access's the machine during the malware removal process.

This is so no complications arise and or no new changes are made unless asked for by myself, thank you.

an Info.txt file did not create and when i tried to do search it came back no file found ..

OK not a problem, it could have been very well the log was not created for some reason. Please check within this folder as follows to see if Info.txt is present:

C:\RSIT

If it is not found in the above folder then please launch HijackThis via right clicking on HiJackThis.exe and select Run as Administrator.

Now click on Open the Misc Tools section.

• Click Open Uninstall Manager...
• Click Save list... and save it to your Desktop.
• Copy and paste the file uninstall_list.txt into your next reply.

Note: Only provide the above log if still unable to locate Info.txt.

TFC(Temp File Cleaner):

Note: No need to run this application in admin' mode it auto does this itself providing the account logged onto is a Administrator one. Which is this case it is.

• Please download TFC to your desktop,
• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program.
• If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

• Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please post that log in your next reply.

The log can also be found here:

1. Launch Malwarebytes' Anti-Malware
2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

• Right click once on RSIT.exe and select Run as Administrator.
• RSIT will start running, at the disclaimer click on Continue.
• When done, 1 log will be produced.
• Post that in your next reply.

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any other symptoms and or problems encountered?
• Either Info.txt or the uninstall_list.txt
• Malwarebytes' Anti-Malware Log.
• A new RSIT Log.

[NonSuch]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.