Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Machine running slow and hard drive space disappearing

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Machine running slow and hard drive space disappearing

Unread postby winsteb » October 20th, 2009, 7:08 pm

Below is my Hijack This log. My computer has been running slower and slower and also my Hard Drive space has been slowly going away and I have not added any new programs. I removed Google Earth and I-Tunes and still saw now increase in disk space. I installed Malware Byte and ran the scan which found nothing.

thanks for any help

Winsteb


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:50 PM, on 10/20/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
O4 - Startup: Check for QCharts Updates.lnk = C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca13bfb52c6010) (gupdate1ca13bfb52c6010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 14191 bytes
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm
Advertisement
Register to Remove

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 25th, 2009, 12:57 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and i will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all those instruction carefully.
  • You may wish to print them off or copy them into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that i will give to you later are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interact with me until your computer is clean.

Everything I post to you will be review by MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

Next,
Uninstall List.
  • Run the HiJack This.
  • Click at Open the Misc Tools section button.
  • Click at Misc Tools tab.
  • Under the System tools, click at Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • uninstall list.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » October 25th, 2009, 10:21 pm

Okay here it is... thanks so much for your help

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.7
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
BlackBerry Desktop Software 5.0
BlackBerry Desktop Software 5.0
BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
BlackBerry® Media Sync
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
Corel Snapfire Plus
datasafeupdate
Dell AIO Printer 948
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Driver Installer
Fingerprint Reader Suite 5.6
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
Java(TM) SE Runtime Environment 6
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
MSXML 4.0 SP2 (KB954430)
Music, Photos & Videos Launcher
mWMI
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Orbital Viewer
OutlookAddinSetup
Product Documentation Launcher
QCharts 5.1
QCharts 6.0.3.2
QualxServ Service Agreement
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Media Manager
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SigmaTel Audio
Skype web features
Skype™ 4.1
Sonic Activation Module
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
WeatherBug
Webshots Desktop
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 28th, 2009, 7:02 am

Hi,
Let's proceed.

First,
ATF by Atribune.
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
MGADiag.
Please download from HERE and save to the desktop.
  • Right click on MGADiag.exe and choose to Run as administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file MGADiag.txt and post it in your next reply.

Next,
Discussion.
What is the purpose of this program:

Orbital Viewer
QCharts 5.1
QCharts 6.0.3.2


Is it business PC/laptop?

Next,
Checklist.
Please post.
  • MGADiag.txt
  • Answer for discussion.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » October 28th, 2009, 10:51 pm

Hi, thanks for your help

This is a personal PC

QCharts 5.1 and Qcharts 6 are stock market charting software that I use to trade stock
The orbital Viewer I have no idea what it is.

here is my MGAdiag.txt file

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {8B63D591-5C4F-4B07-BF33-687C5F1AC8D2}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.090803-2339
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{8B63D591-5C4F-4B07-BF33-687C5F1AC8D2}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2062277449-622784391-178457105</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1330 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A15</Version><SMBIOSVersion major="2" minor="4"/><Date>20081226000000.000000+000</Date></BIOS><HWID>CF323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>A563DAF852F0730</Val><Hash>KZFSf/h3+zpZWDQlE+dupMUO4NE=</Hash><Pid>81602-920-6976086-68081</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-1862009
Installation ID: 022171170526855206723055799903952124141725339293710586
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAeqimFupyfPQSeei4YNEM8kaD1FJEnPL0ylysbMyXrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 29th, 2009, 11:29 am

Hi,
Let's proceed.

Note : Windows Vista require user to right click > run as administrator to run the program.

First,
Remove programs.
Please Click Start > Control Panel > Programs and Features
Remove these programs by clicking Uninstall/Change.
Java(TM) SE Runtime Environment 6
Adobe Reader 8.1.7

If some programs listed are not present, please do not panic and proceed to next step.

Next,
Java SE Runtime Environment (JRE).
Please download from HERE.
  • Find Java SE Runtime Environment (JRE) 6 Update 16.
  • Click on Download.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next,
Update Adobe Reader
  • Recently there have been vunerabilities detected in older versions of Adobe Reader.
  • It is strongly suggested that you update to the current version: Adobe Reader 9.2
  • You can download it from HERE

Note : Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from Foxit Software
Reminder : Do not install anything dealing with AskBar presented as an installation option.

Next,
Important.
WEATHERBUG
WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is 'spyware', and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it 'unsolicited', and since it is installed to raise money for its creators through the built-in ads it is certainly 'commercial'. So it does meet the definition for 'parasite': unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:

Please uninstall WeatherBug now.

Next,
Fix entries.
  • Go to HiJackThis Main menu.
  • Click at Do a system scan only button.
  • Search for below entries and tick it.
    O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
  • Close any other program and leave HiJackThis alone.
  • Click Fix checked

Next,
Delete folder
  • Navigate to the directory as below.
  • Delete the file or folder in red color (if exist).
    Folders :
    C:\Program Files\AWS


Next,
RSIT.
Please download Random's System Information Tool by random/random from HERE and save to the desktop.
  • Right click on RSIT.exe and run as administrator to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Right click on Gmer.exe and run as administrator to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan,click NO.
  • Click on >>> symbol and choose on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Next,
Checklist.
Please post.
  • Content of log.txt.
  • Content of info.txt
  • Content of GMER.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » October 29th, 2009, 11:30 pm

okay here you go:

info.txt logfile of random's system information tool 1.06 2009-10-29 23:14:37

======Uninstall list======

-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Communication Manager-->MsiExec.exe /X{C7C4FE5F-BACE-4B67-937E-F322660A3877}
BlackBerry Desktop Software 5.0-->MsiExec.exe /i{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}
BlackBerry Desktop Software 5.0-->MsiExec.exe /I{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}
BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone-->MsiExec.exe /X{32A640BD-4244-4FAF-8796-EA401652E26A}
BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
datasafeupdate-->MsiExec.exe /I{1D0BD79C-F8DA-4803-9C23-55480D769704}
Dell AIO Printer 948-->C:\Program Files\Dell AIO Printer 948\Install\x86\Uninst.exe
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Driver Installer-->MsiExec.exe /X{F804CAE5-50B2-4646-803A-A428325237CA}
Fingerprint Reader Suite 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_874698634E0FC940.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Orbital Viewer-->C:\Program Files\OV\UNINST.EXE
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QCharts 5.1-->C:\PROGRA~1\Quote.com\QCHART~1.1\UNWISE.EXE C:\PROGRA~1\Quote.com\QCHART~1.1\INSTALL.LOG
QCharts 6.0.3.2-->C:\Program Files\InstallShield Installation Information\{E78E7207-B248-4655-A27E-453F12D87865}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager-->MsiExec.exe /X{4D612FB2-1AE7-4E46-9377-35BB2F06A787}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Webshots Desktop-->C:\Program Files\AGI\core\3.1\InstallerGUI.exe uninstall WebshotsDesktop WebshotsDesktop
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: winsteb-PC
Event Code: 4374
Message: Windows Servicing identified that package KB954459(Security Update) is not applicable for this system
Record Number: 7240
Source Name: Microsoft-Windows-Servicing
Time Written: 20090706002303.000000-000
Event Type: Warning
User: winsteb-PC\winsteb

Computer Name: winsteb-PC
Event Code: 4374
Message: Windows Servicing identified that package KB954459(Security Update) is not applicable for this system
Record Number: 7239
Source Name: Microsoft-Windows-Servicing
Time Written: 20090706002303.000000-000
Event Type: Warning
User: winsteb-PC\winsteb

Computer Name: winsteb-PC
Event Code: 4374
Message: Windows Servicing identified that package KB954459(Security Update) is not applicable for this system
Record Number: 7238
Source Name: Microsoft-Windows-Servicing
Time Written: 20090706002303.000000-000
Event Type: Warning
User: winsteb-PC\winsteb

Computer Name: winsteb-PC
Event Code: 4374
Message: Windows Servicing identified that package KB950760(Security Update) is not applicable for this system
Record Number: 7128
Source Name: Microsoft-Windows-Servicing
Time Written: 20090706002209.000000-000
Event Type: Warning
User: winsteb-PC\winsteb

Computer Name: winsteb-PC
Event Code: 4374
Message: Windows Servicing identified that package KB950760(Security Update) is not applicable for this system
Record Number: 7127
Source Name: Microsoft-Windows-Servicing
Time Written: 20090706002209.000000-000
Event Type: Warning
User: winsteb-PC\winsteb

=====Application event log=====

Computer Name: winsteb-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Record Number: 507
Source Name: .NET Runtime Optimization Service
Time Written: 20090706010943.000000-000
Event Type: Error
User:

Computer Name: winsteb-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Record Number: 506
Source Name: .NET Runtime Optimization Service
Time Written: 20090706010910.000000-000
Event Type: Error
User:

Computer Name: winsteb-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Record Number: 505
Source Name: .NET Runtime Optimization Service
Time Written: 20090706010830.000000-000
Event Type: Error
User:

Computer Name: winsteb-PC
Event Code: 10006
Message: Application or service 'McAfee Integrated Security Platform' could not be shut down.
Record Number: 474
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090706002545.409600-000
Event Type: Error
User: winsteb-PC\winsteb

Computer Name: winsteb-PC
Event Code: 10010
Message: Application 'C:\PROGRA~1\McAfee.com\Agent\mcagent.exe' (pid 2980) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 468
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090706002502.728000-000
Event Type: Warning
User: winsteb-PC\winsteb

=====Security event log=====

Computer Name: winsteb-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x309dca

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 375
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705234010.262800-000
Event Type: Audit Success
User:

Computer Name: winsteb-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x309dca
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: BRIAN
Source Network Address: 192.168.1.103
Source Port: 4276

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 374
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705234009.888400-000
Event Type: Audit Success
User:

Computer Name: winsteb-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4fc
Name: C:\Windows\System32\svchost.exe

Previous Time: 7:33:09 PM 7/5/2009
New Time: 7:33:09 PM 7/5/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 373
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705233309.571000-000
Event Type: Audit Success
User:

Computer Name: winsteb-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4fc
Name: C:\Windows\System32\svchost.exe

Previous Time: 8:33:05 PM 7/5/2009
New Time: 7:33:09 PM 7/5/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 372
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090705233309.556059-000
Event Type: Audit Success
User:

Computer Name: winsteb-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2062277449-622784391-178457105-1000
Account Name: winsteb
Domain Name: winsteb-PC
Logon ID: 0xdef5e
Record Number: 371
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090706002957.909054-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=TRUE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by winsteb at 2009-10-29 23:14:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (2%) free of 226 GB
Total RAM: 3069 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:35 PM, on 10/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\winsteb\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\winsteb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
O4 - Startup: Check for QCharts Updates.lnk = C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca13bfb52c6010) (gupdate1ca13bfb52c6010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 14349 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
agcore.AGUtils - C:\Windows\system32\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-06 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 857648]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-29 36864]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-17 49168]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-03 1838592]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-09-18 455336]
"MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-09-18 410280]
"Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-09-19 312560]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-07-01 623960]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-04-11 236016]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2009-05-19 33280]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-29 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall Adobe Download Manager"=C:\Program Files\NOS\bin\getPlus_Helper.dll [2009-09-23 51168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-03 68856]
"Dell DataSafe Scheduler"=C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\winsteb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Check for ContinuumClient Updates.lnk - C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
Check for QCharts Updates.lnk - C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
Webshots.lnk - C:\Program Files\Webshots\3.1.5.7613\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fc78d43-6cf3-11de-a418-0015c581d2f9}]
shell\AutoRun\command - G:\slacker.synclauncher.exe
shell\slacker\command - G:\slacker.synclauncher.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-29 23:14:34 ----D---- C:\rsit
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files\Adobe
2009-10-29 22:56:05 ----D---- C:\Program Files\Adobe
2009-10-29 22:55:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-29 22:54:45 ----D---- C:\Program Files\McAfee Security Scan
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaws.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaw.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\java.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\deploytk.dll
2009-10-28 22:41:21 ----D---- C:\MGADiagToolOutput
2009-10-27 19:45:16 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 19:45:14 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 19:45:12 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-20 18:58:13 ----D---- C:\Program Files\Trend Micro
2009-10-16 19:32:58 ----SHD---- C:\Config.Msi
2009-10-13 18:05:34 ----A---- C:\Windows\system32\msasn1.dll
2009-10-13 18:05:31 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-13 18:05:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-13 18:05:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-13 18:04:19 ----A---- C:\Windows\system32\mshtml.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\iertutil.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\ieframe.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\occache.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieui.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesetup.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iepeers.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-13 18:04:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-13 18:02:49 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-08 21:26:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wups2.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wucltux.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wups.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wudriver.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wuapi.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2009-10-29 23:14:35 ----D---- C:\Windows\Temp
2009-10-29 23:14:35 ----D---- C:\Windows\Prefetch
2009-10-29 23:02:27 ----SHD---- C:\System Volume Information
2009-10-29 22:58:40 ----SHD---- C:\Windows\Installer
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files
2009-10-29 22:56:53 ----D---- C:\Windows\System32
2009-10-29 22:56:05 ----RD---- C:\Program Files
2009-10-29 22:54:45 ----HD---- C:\ProgramData
2009-10-29 22:54:19 ----SD---- C:\Windows\Downloaded Program Files
2009-10-29 22:54:14 ----D---- C:\Program Files\NOS
2009-10-29 22:48:26 ----D---- C:\Program Files\Java
2009-10-29 22:26:24 ----D---- C:\Documents and Settings\releaseengineer\Application Data\skypePM
2009-10-29 22:25:44 ----D---- C:\Windows\Tasks
2009-10-29 22:24:36 ----D---- C:\Windows
2009-10-29 22:24:29 ----A---- C:\Windows\system32\rpcnetp.exe
2009-10-29 22:24:25 ----A---- C:\Windows\system32\rpcnet.dll
2009-10-28 23:50:12 ----D---- C:\Windows\system32\catroot2
2009-10-28 22:35:10 ----D---- C:\Windows\rescache
2009-10-28 22:18:34 ----D---- C:\Program Files\McAfee
2009-10-27 20:29:44 ----D---- C:\Windows\winsxs
2009-10-27 20:29:44 ----D---- C:\Program Files\Internet Explorer
2009-10-27 20:29:31 ----D---- C:\Windows\system32\en-US
2009-10-27 20:29:31 ----D---- C:\Program Files\Windows Media Player
2009-10-27 19:44:44 ----D---- C:\Windows\system32\catroot
2009-10-21 06:45:19 ----D---- C:\Windows\system32\drivers
2009-10-19 20:53:13 ----D---- C:\Program Files\Common Files\Apple
2009-10-19 20:52:52 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-19 20:49:03 ----D---- C:\Program Files\Google
2009-10-13 23:38:35 ----D---- C:\Windows\Microsoft.NET
2009-10-13 23:38:23 ----RSD---- C:\Windows\assembly
2009-10-13 22:53:23 ----D---- C:\Program Files\Windows Mail
2009-10-13 22:53:22 ----D---- C:\Windows\ehome
2009-10-13 22:53:20 ----D---- C:\Windows\system32\migration
2009-10-11 22:37:10 ----D---- C:\Windows\inf
2009-10-11 22:37:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-03 14:34:41 ----D---- C:\PerfLogs
2009-10-02 14:01:57 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2009-05-19 18816]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-28 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-02-28 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-02-28 37376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-08-22 26760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 182456]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-17 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2009-05-19 32408]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 AGCoreService;AG Core Services; C:\Program Files\AGI\core\3.1\AGCoreService.exe [2009-04-03 20480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 dldf_device;dldf_device; C:\Windows\system32\dldfcoms.exe [2007-06-26 598664]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-07-06 56680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]
S2 gupdate1ca13bfb52c6010;Google Update Service (gupdate1ca13bfb52c6010); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-02 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 190448]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-04-11 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-04-11 170480]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2009-05-19 121344]
S3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2009-05-19 125440]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-03 1838592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-04-11 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit quick scan 2009-10-29 23:25:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\winsteb\AppData\Local\Temp\fwrdyfoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8FDAC79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8FDAC738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8FDAC74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8FDAC7DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8FDAC81F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8FDAC710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8FDAC724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8FDAC7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8FDAC847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8FDAC833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8FDAC78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8FDAC776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8FDAC80B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8FDAC7F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8FDAC7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8FDAC762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 30th, 2009, 6:17 pm

Hi,
I don't see any weird entries in your system.
Most probably not malware related.

Next,
This fix is optional fix that will reduce the amount of program that will run on startup. This will help your system running pretty fast.

Fix entries.
  • Go to HiJackThis Main menu.
  • Click at Do a system scan only button.
  • Search for below entries and tick it.
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  • Close any other program and leave HiJackThis alone.
  • Click Fix checked

Next,
ATF by Atribune
Proceed with the instruction if you didn't delete the copy before this.
Please download HERE and save to the desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Next,
RSIT.
Please run RSIT again to produce log.txt.
***You can find manually the log at C:\rsit

Next,
Checklist.
Please post.
  • Content of log.txt (Find it at C:\Program Files\Eset\Eset Online Scanner\log.txt)
  • Content of log.txt (Find it at C:\rsit)
  • Any question if you have.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » October 30th, 2009, 8:49 pm

Okay here you go. Thanks for your help

Logfile of random's system information tool 1.06 (written by random/random)
Run by winsteb at 2009-10-30 20:39:40
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (2%) free of 226 GB
Total RAM: 3069 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:49 PM, on 10/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\winsteb\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\winsteb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
O4 - Startup: Check for QCharts Updates.lnk = C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca13bfb52c6010) (gupdate1ca13bfb52c6010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11941 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
agcore.AGUtils - C:\Windows\system32\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-06 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 857648]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-17 49168]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-09-18 455336]
"MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-09-18 410280]
"Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-09-19 312560]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-07-01 623960]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-04-11 236016]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2009-05-19 33280]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-29 149280]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"Dell DataSafe Scheduler"=C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-03 68856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\winsteb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Check for ContinuumClient Updates.lnk - C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
Check for QCharts Updates.lnk - C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
Webshots.lnk - C:\Program Files\Webshots\3.1.5.7613\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fc78d43-6cf3-11de-a418-0015c581d2f9}]
shell\AutoRun\command - G:\slacker.synclauncher.exe
shell\slacker\command - G:\slacker.synclauncher.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-29 23:14:34 ----D---- C:\rsit
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files\Adobe
2009-10-29 22:56:05 ----D---- C:\Program Files\Adobe
2009-10-29 22:55:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-29 22:54:45 ----D---- C:\Program Files\McAfee Security Scan
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaws.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaw.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\java.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\deploytk.dll
2009-10-28 22:41:21 ----D---- C:\MGADiagToolOutput
2009-10-27 19:45:16 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 19:45:14 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 19:45:12 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-20 18:58:13 ----D---- C:\Program Files\Trend Micro
2009-10-16 19:32:58 ----SHD---- C:\Config.Msi
2009-10-13 18:05:34 ----A---- C:\Windows\system32\msasn1.dll
2009-10-13 18:05:31 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-13 18:05:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-13 18:05:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-13 18:04:19 ----A---- C:\Windows\system32\mshtml.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\iertutil.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\ieframe.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\occache.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieui.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesetup.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iepeers.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-13 18:04:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-13 18:02:49 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-08 21:26:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wups2.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wucltux.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wups.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wudriver.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wuapi.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2009-10-30 20:39:41 ----D---- C:\Windows\Temp
2009-10-30 20:37:11 ----D---- C:\Windows\Prefetch
2009-10-30 20:16:52 ----D---- C:\Windows\Tasks
2009-10-30 20:14:46 ----D---- C:\Windows
2009-10-30 20:14:41 ----A---- C:\Windows\system32\rpcnetp.exe
2009-10-30 20:14:39 ----A---- C:\Windows\system32\rpcnet.dll
2009-10-30 19:52:13 ----D---- C:\Documents and Settings\releaseengineer\Application Data\skypePM
2009-10-30 19:50:47 ----RD---- C:\Program Files
2009-10-30 19:50:45 ----SD---- C:\Windows\Downloaded Program Files
2009-10-29 23:02:27 ----SHD---- C:\System Volume Information
2009-10-29 22:58:40 ----SHD---- C:\Windows\Installer
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files
2009-10-29 22:56:53 ----D---- C:\Windows\System32
2009-10-29 22:54:45 ----HD---- C:\ProgramData
2009-10-29 22:48:26 ----D---- C:\Program Files\Java
2009-10-28 23:50:12 ----D---- C:\Windows\system32\catroot2
2009-10-28 22:35:10 ----D---- C:\Windows\rescache
2009-10-28 22:18:34 ----D---- C:\Program Files\McAfee
2009-10-27 20:29:44 ----D---- C:\Windows\winsxs
2009-10-27 20:29:44 ----D---- C:\Program Files\Internet Explorer
2009-10-27 20:29:31 ----D---- C:\Windows\system32\en-US
2009-10-27 20:29:31 ----D---- C:\Program Files\Windows Media Player
2009-10-27 19:44:44 ----D---- C:\Windows\system32\catroot
2009-10-21 06:45:19 ----D---- C:\Windows\system32\drivers
2009-10-19 20:53:13 ----D---- C:\Program Files\Common Files\Apple
2009-10-19 20:52:52 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-19 20:49:03 ----D---- C:\Program Files\Google
2009-10-13 23:38:35 ----D---- C:\Windows\Microsoft.NET
2009-10-13 23:38:23 ----RSD---- C:\Windows\assembly
2009-10-13 22:53:23 ----D---- C:\Program Files\Windows Mail
2009-10-13 22:53:22 ----D---- C:\Windows\ehome
2009-10-13 22:53:20 ----D---- C:\Windows\system32\migration
2009-10-11 22:37:10 ----D---- C:\Windows\inf
2009-10-11 22:37:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-03 14:34:41 ----D---- C:\PerfLogs
2009-10-02 14:01:57 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2009-05-19 18816]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-28 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-02-28 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-02-28 37376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-08-22 26760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 182456]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-17 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2009-05-19 32408]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 AGCoreService;AG Core Services; C:\Program Files\AGI\core\3.1\AGCoreService.exe [2009-04-03 20480]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 dldf_device;dldf_device; C:\Windows\system32\dldfcoms.exe [2007-06-26 598664]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-07-06 56680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]
S2 gupdate1ca13bfb52c6010;Google Update Service (gupdate1ca13bfb52c6010); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-02 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 190448]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-04-11 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-04-11 170480]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2009-05-19 121344]
S3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2009-05-19 125440]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-04-11 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-03 1838592]
S4 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 30th, 2009, 9:04 pm

Hi,
I'm still waiting ESET online scanner (log.txt) as the bold green part.
You missed it.
Please provide.

Next,
Checklist.
Please post.
  • Content of log.txt (Find it at C:\Program Files\Eset\Eset Online Scanner\log.txt)
  • Content of log.txt (Find it at C:\rsit).
  • Any question if you have.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » October 31st, 2009, 3:48 pm

Sorry, ESET didn't load properly the first time


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Logfile of random's system information tool 1.06 (written by random/random)
Run by winsteb at 2009-10-30 20:45:05
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (2%) free of 226 GB
Total RAM: 3069 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:07 PM, on 10/30/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\winsteb\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\winsteb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
O4 - Startup: Check for QCharts Updates.lnk = C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1ca13bfb52c6010) (gupdate1ca13bfb52c6010) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11984 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
agcore.AGUtils - C:\Windows\system32\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-08 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-06 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-06 256112]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 857648]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-17 49168]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-10-09 16384]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-09-18 455336]
"MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-09-18 410280]
"Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-09-19 312560]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-07-01 623960]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-04-11 236016]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
"AT&T Communication Manager"=C:\Program Files\AT&T\Communication Manager\ATTCM.exe [2009-05-19 33280]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-29 149280]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"Dell DataSafe Scheduler"=C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-03 68856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\winsteb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Check for ContinuumClient Updates.lnk - C:\Program Files\Quote.com\ContinuumClient\WiseUpdt.exe
Check for QCharts Updates.lnk - C:\Program Files\Quote.com\QCharts 5.1\WiseUpdt.exe
Webshots.lnk - C:\Program Files\Webshots\3.1.5.7613\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fc78d43-6cf3-11de-a418-0015c581d2f9}]
shell\AutoRun\command - G:\slacker.synclauncher.exe
shell\slacker\command - G:\slacker.synclauncher.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-10-29 23:14:34 ----D---- C:\rsit
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files\Adobe
2009-10-29 22:56:05 ----D---- C:\Program Files\Adobe
2009-10-29 22:55:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-29 22:54:45 ----D---- C:\Program Files\McAfee Security Scan
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaws.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\javaw.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\java.exe
2009-10-29 22:48:54 ----A---- C:\Windows\system32\deploytk.dll
2009-10-28 22:41:21 ----D---- C:\MGADiagToolOutput
2009-10-27 19:45:16 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 19:45:14 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 19:45:12 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-20 18:58:13 ----D---- C:\Program Files\Trend Micro
2009-10-16 19:32:58 ----SHD---- C:\Config.Msi
2009-10-13 18:05:34 ----A---- C:\Windows\system32\msasn1.dll
2009-10-13 18:05:31 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-13 18:05:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-13 18:05:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-13 18:04:19 ----A---- C:\Windows\system32\mshtml.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\iertutil.dll
2009-10-13 18:04:18 ----A---- C:\Windows\system32\ieframe.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\occache.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-13 18:04:17 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ieui.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iesetup.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\iepeers.dll
2009-10-13 18:04:16 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-13 18:04:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-13 18:02:49 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-08 21:26:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wups2.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wucltux.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-05 19:11:03 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wups.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wudriver.dll
2009-10-05 19:10:14 ----A---- C:\Windows\system32\wuapi.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-05 19:09:48 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 months======

2009-10-30 20:45:06 ----D---- C:\Windows\Temp
2009-10-30 20:37:11 ----D---- C:\Windows\Prefetch
2009-10-30 20:16:52 ----D---- C:\Windows\Tasks
2009-10-30 20:14:46 ----D---- C:\Windows
2009-10-30 20:14:41 ----A---- C:\Windows\system32\rpcnetp.exe
2009-10-30 20:14:39 ----A---- C:\Windows\system32\rpcnet.dll
2009-10-30 19:52:13 ----D---- C:\Documents and Settings\releaseengineer\Application Data\skypePM
2009-10-30 19:50:47 ----RD---- C:\Program Files
2009-10-30 19:50:45 ----SD---- C:\Windows\Downloaded Program Files
2009-10-29 23:02:27 ----SHD---- C:\System Volume Information
2009-10-29 22:58:40 ----SHD---- C:\Windows\Installer
2009-10-29 22:57:05 ----D---- C:\Program Files\Common Files
2009-10-29 22:56:53 ----D---- C:\Windows\System32
2009-10-29 22:54:45 ----HD---- C:\ProgramData
2009-10-29 22:48:26 ----D---- C:\Program Files\Java
2009-10-28 23:50:12 ----D---- C:\Windows\system32\catroot2
2009-10-28 22:35:10 ----D---- C:\Windows\rescache
2009-10-28 22:18:34 ----D---- C:\Program Files\McAfee
2009-10-27 20:29:44 ----D---- C:\Windows\winsxs
2009-10-27 20:29:44 ----D---- C:\Program Files\Internet Explorer
2009-10-27 20:29:31 ----D---- C:\Windows\system32\en-US
2009-10-27 20:29:31 ----D---- C:\Program Files\Windows Media Player
2009-10-27 19:44:44 ----D---- C:\Windows\system32\catroot
2009-10-21 06:45:19 ----D---- C:\Windows\system32\drivers
2009-10-19 20:53:13 ----D---- C:\Program Files\Common Files\Apple
2009-10-19 20:52:52 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-19 20:49:03 ----D---- C:\Program Files\Google
2009-10-13 23:38:35 ----D---- C:\Windows\Microsoft.NET
2009-10-13 23:38:23 ----RSD---- C:\Windows\assembly
2009-10-13 22:53:23 ----D---- C:\Program Files\Windows Mail
2009-10-13 22:53:22 ----D---- C:\Windows\ehome
2009-10-13 22:53:20 ----D---- C:\Windows\system32\migration
2009-10-11 22:37:10 ----D---- C:\Windows\inf
2009-10-11 22:37:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-03 14:34:41 ----D---- C:\PerfLogs
2009-10-02 14:01:57 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2009-05-19 18816]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-28 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-02-28 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-02-28 37376]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-08-22 26760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 182456]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-17 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2009-05-19 32408]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
R2 AGCoreService;AG Core Services; C:\Program Files\AGI\core\3.1\AGCoreService.exe [2009-04-03 20480]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 dldf_device;dldf_device; C:\Windows\system32\dldfcoms.exe [2007-06-26 598664]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-07-06 56680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]
S2 gupdate1ca13bfb52c6010;Google Update Service (gupdate1ca13bfb52c6010); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-02 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 190448]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-04-11 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-04-11 170480]
S3 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2009-05-19 121344]
S3 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2009-05-19 125440]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-04-11 1108464]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-01-03 1838592]
S4 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » October 31st, 2009, 8:37 pm

Hi,
Let's try another one.

Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

Next,
Checklist.
Please post.
  • Content of kaspersky log report.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » November 1st, 2009, 11:13 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 1, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 00:01:59
Records in database: 3112940
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 129342
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:10:03

No threats found. Scanned area is clean.

Selected area has been scanned.
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm

Re: Machine running slow and hard drive space disappearing

Unread postby xixo_12 » November 2nd, 2009, 8:37 am

Hi,
Good! Your system appear to be clean. :thumbright:

Since I noticed this :
System drive C: has 5 GB (2%) free of 226 GB
The free space just 2%!

Here is a few advices from me.

You need to free up some space on your hard drive. Put some of your files on CD or DVD and then erase them from your drive.
You can check the Free Space on the drive by going to Start > My Computer > right clicking on the C: drive, and choosing properties.
You need to have 35 Gb free space on the C: drive for this machine to work properly.
If you don't know how to transfer files to DVD or CD, you can visit one of these forums:

System/Hardware forums

You may need to do free registration in order to post at their forum ;)

Next,
ATFCleaner.
  • I gave the instruction about this program previously.
  • Keep that program to clean temporary files and will give you some free space

Next,
Antivirus.
  • Antivirus help you to give the maximum protection for the system.
  • You are advice to have only ONE antivirus running on the system.
  • Keep your antivirus updated.

Next,
WinPatrol.
  • Unwanted things always occur behind your knowledge. Let's this software take the snapshot of it.
  • For more information and installation can be found HERE

Next,
Information.

Happy safe surfing! :)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Machine running slow and hard drive space disappearing

Unread postby winsteb » November 2nd, 2009, 10:12 pm

okay thanks for your help.
winsteb
Active Member
 
Posts: 10
Joined: October 19th, 2009, 9:25 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 391 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware