Need Help Fast to Rid myself of a TROJAN!!!!!!!
While I was trying to watch a video on the internet on 6/10/09 around 1:30 pm, I was prompted to upgrade my flash player to "flash player HD". I regret to say that I did the update. After it was done installing my Windows Defender, informed me that a Trojan horse was just installed onto my computer. Immediately after being notified I tried to run a system restore from 6/8/09, but the system did not restore and windows said that it couldn’t complete. After that didn’t work, I ran Windows Defender, AVG Free 8.5, and Norton Security Scan. All three of these identified the problem but were not able to get rid of the source.
From the scans I was able to identify a couple of the files, “TrojanDownloader:/Renos.IO†and also “C:\Windows\System32\drivers\MSIVXexuhigmwskmqupxnbluowvfxtovcpm.†While I was searching my computer for the files to try and remove them I was not able to locate them.
The Trojan is causing my two internet browsers to crash when trying to open them. My two web browsers are Internet Explorer and Mozilla Firefox. The Trojan is also causing my CD Drive to not work. I am also lacking access to files on my computer. I am only able to access the internet while running my computer while running it in safe mode.
If you could help me that would be great. Thank you.
Andy
From the scans I was able to identify a couple of the files, “TrojanDownloader:/Renos.IO†and also “C:\Windows\System32\drivers\MSIVXexuhigmwskmqupxnbluowvfxtovcpm.†While I was searching my computer for the files to try and remove them I was not able to locate them.
The Trojan is causing my two internet browsers to crash when trying to open them. My two web browsers are Internet Explorer and Mozilla Firefox. The Trojan is also causing my CD Drive to not work. I am also lacking access to files on my computer. I am only able to access the internet while running my computer while running it in safe mode.
If you could help me that would be great. Thank you.
Andy
0
Comments
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
I was wondering, since I am running on Safe Mode with Networking. Should I save the program to the Desktop and then run the program in normal mode. Thank you for your help
Andy
Please
I was wondering if it would be possible to run an OTS scan? Because the ComboFix is not working
Download Combofix from the link below. Save it to your desktop.
> Link Removed <
(I have renamed the file)
Please try the following steps until Combofix (CleanMe.exe) runs. Then post the log.
STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
#1
Try double clicking the renamed file.
#2
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.
"%userprofile%\desktop\CleanMe.exe" /killall
When finished, it shall produce a log for you. Post that log in your next reply.
#3
Reboot in safe mode
You will now need to reboot in safe mode, you will not have internet access whilst you do the next part
Please copy/paste or print the following instructions.
You can boot in Safe Mode by restarting your computer, then continually tapping F5 OR F8 until a menu appears.
Use your up arrow key to highlight Safe Mode, then hit enter.
Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.
"%userprofile%\desktop\CleanMe.exe" /killall
When finished, it shall produce a log for you. Post that log in your next reply.
ComboFix 09-06-13.09 - Andy 06/14/2009 10:38.1 - NTFSx86 MINIMAL
Microsoft. Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3061.2538 [GMT -5:00]
Running from: c:\users\Andy\Desktop\CleanMe.exe
Command switches used :: /killall
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\MSIVXexuhiqmwskruqvpxnbluowvfxytovcpm.sys
c:\windows\system32\MSIVXatpbomwnjrjevvgdicqfaedlcpkbmcwm.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXyhxbkpivsbvcbnbafrbspdyqoyexbupt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 15:43 . 2009-06-14 15:48
d
w- c:\users\Andy\AppData\Local\temp
2009-06-12 06:32 . 2009-06-12 06:32
d
w- c:\users\Other\AppData\Roaming\HP
2009-06-12 06:32 . 2009-06-12 06:32
d
w- c:\users\Other\AppData\Local\Mozilla
2009-06-12 06:31 . 2009-06-12 06:34
d
w- c:\users\Other\AppData\Local\Google
2009-06-12 06:31 . 2009-06-12 06:31
d
w- c:\users\Other\Bluetooth Software
2009-06-12 06:31 . 2009-06-12 06:31
d
w- c:\users\Other\AppData\Local\SupportSoft
2009-06-12 06:30 . 2009-06-12 06:30
d
w- c:\users\Other\AppData\Local\MediaDirect
2009-06-12 06:30 . 2009-06-12 06:30
d
w- c:\users\Other\AppData\Roaming\Dell
2009-06-12 06:30 . 2009-06-12 06:30 101856 ----a-w- c:\users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 16:14 . 2009-06-11 16:15
d
w- c:\program files\Windows Live Safety Center
2009-06-11 05:56 . 2009-06-11 05:56
d
w- c:\programdata\Citrix
2009-06-11 05:51 . 2009-06-11 05:52
d
w- c:\users\Andy\AppData\Local\Deployment
2009-06-11 05:51 . 2009-06-11 05:51
d
w- c:\users\Andy\AppData\Local\Apps
2009-05-31 23:01 . 2009-04-15 18:07 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVENG.SYS
2009-05-31 23:01 . 2009-04-15 18:07 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVEX15.SYS
2009-05-31 23:01 . 2009-04-15 18:07 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\hub.scr
2009-05-31 23:01 . 2009-04-15 18:07 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\EECTRL.SYS
2009-05-31 23:01 . 2009-04-15 18:07 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\ECMSVR32.DLL
2009-05-31 23:01 . 2009-04-15 18:07 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\CCERASER.DLL
2009-05-31 23:01 . 2009-04-15 18:07 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVENG32.DLL
2009-05-31 23:01 . 2009-04-15 18:07 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVEX32A.DLL
2009-05-31 23:01 . 2009-04-15 18:07 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\ERASER.SYS
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_D3DD076B988600E59BFD1E.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_CA1D36A8BD7C6E8B327132.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_A17D378A7C093FF2005726.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_6FEFF9B68218417F98F549.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_67DB1B8F6A28368D658316.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_64E749EF31745C29AAF314.exe
2009-05-27 06:50 . 2009-05-27 06:50
d
w- c:\program files\FriendFinder
2009-05-17 09:49 . 2009-05-17 09:49
d
w- c:\program files\CDisplay
2009-05-16 05:16 . 2009-05-28 13:20
d
w- c:\program files\BeerSmith
2009-05-16 05:16 . 2009-05-16 05:16
d
w- C:\BeerSmith_14_installer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 15:46 . 2008-12-21 04:32
d
w- c:\users\Andy\AppData\Roaming\LimeWire
2009-06-14 15:45 . 2009-01-17 22:05
d
w- c:\users\Andy\AppData\Roaming\DNA
2009-06-14 15:37 . 2008-12-21 00:20
d
w- c:\programdata\avg8
2009-06-14 15:32 . 2008-12-15 16:42 3308 ----a-w- c:\windows\bthservsdp.dat
2009-06-14 05:18 . 2009-05-07 20:12 680 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2009-06-13 07:17 . 2009-05-02 17:01
d
w- c:\program files\Norton Security Scan
2009-06-11 15:50 . 2009-05-02 17:01
d
w- c:\program files\Common Files\Symantec Shared
2009-06-11 04:48 . 2009-01-19 22:42
d
w- c:\users\Andy\AppData\Roaming\BitTorrent
2009-06-05 21:59 . 2008-12-21 04:15
d
w- c:\users\Andy\AppData\Roaming\Skype
2009-06-05 21:02 . 2008-12-21 04:15
d
w- c:\users\Andy\AppData\Roaming\skypePM
2009-05-28 13:20 . 2009-01-18 03:36
d
w- c:\program files\BitComet
2009-05-19 06:36 . 2009-06-14 03:24 2884832
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 06:36 . 2009-06-14 03:24 28
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 06:36 . 2009-06-14 03:24 1484856
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 06:36 . 2009-06-14 03:24 25
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 06:36 . 2009-06-14 03:24 97072
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-14 03:24 142040
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-14 03:24 30512
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 06:36 . 2009-06-14 03:24 111920
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-15 08:02 . 2008-12-20 23:27
d
w- c:\programdata\Microsoft Help
2009-05-15 08:00 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-17 08:01 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 08:01 24064 ----a-w- c:\windows\system32\amxread.dll
2008-12-15 23:16 . 2009-01-09 19:08 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-15 23:07 . 2008-12-15 23:07 76 --sh--r- c:\windows\CT4CET.bin
2008-12-16 00:19 . 2008-12-16 00:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 23:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-11-21 3647304]
"BitTorrent DNA"="c:\users\Andy\Program Files\DNA\btdna.exe" [2009-01-18 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-10-03 1742064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-08 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
c:\users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2008-12-15 53248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-15 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-15 23:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E964A0EF-4A30-497B-99FA-D85C8ACD157D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{01074D62-FC52-4C1F-898E-26FAA0525CCC}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DBD7D135-BDCA-4D3C-B80B-384901441051}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4F43923F-FDDE-4BDA-955F-8EABA7174DEE}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F10D6097-974E-4B77-8520-4CA885DF9DD9}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{0416F537-2925-4A53-BDAB-BCA0E2C38F2B}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{F658F92E-DB2E-4827-9EC4-38C88711C7C8}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{C111D101-B54A-4A67-969A-A85CA425F76F}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{1533CB7C-5D1F-4E9E-A980-ACE84282393E}"= UDP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{785B37CE-C898-430D-BBCF-76667B25BFDB}"= TCP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{74272E30-2C0B-4D65-9F06-55ECB1BF7EAF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7182486B-EC55-4CBD-A48F-5CE2461D7E43}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E851AAC7-0024-4AD8-A76B-9F001263B35C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{73E6F526-9B74-4BE6-AD95-53F8503447D5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E4708AF-D652-4131-A0ED-039CA4C30ABA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19A8CEAF-7390-494D-9484-EB372B502243}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5223429F-7B3C-43C7-B396-4DAC38C359BE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3E1B927F-016E-403A-B441-33C928FD70F4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3B1431D9-96F0-49AE-8890-EBD5EAE17205}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EBC1076F-339E-4DDE-B01B-E2A640226B11}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0ECB92F9-347A-422E-9E76-488AA3BDFAFB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{143B490C-68CE-46FC-B146-716EFFD3AFF8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F91D32F2-2324-49DB-8800-3FEB9468A14A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA3A20FA-D0BE-443E-A5C9-6F8A4184ED63}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{C8ACA3FA-2EA4-48C3-AF35-FA9703864C6F}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{F1B6E3D7-3552-4511-91C7-2896E1480879}"= UDP:56968:Pando P2P TCP Listening Port
"{4AF9D979-7B2F-4C32-BA0C-EAC77B2D21FE}"= TCP:56968:Pando P2P UDP Listening Port
"{90223C99-8F31-451E-99D3-54D650CDBD7A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{06B07336-F21A-4D52-B3D4-F77F35B9657B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D259ABD-D5FC-4F09-869B-2C39AB1B51D4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F200EF5C-5376-40ED-BD96-9FBC90908E40}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEC270A0-3FA5-482C-9132-345132B5C81A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3A136790-3C18-45D1-B525-952A8997C9A7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{098FE5BD-6E28-4960-9A04-E7CF692D8A7F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{3CBEB8F1-EC19-4434-A807-CED048FCF71F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{A11A6F24-1DF8-42F5-BC39-2A41E9BB28B0}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{7DB5A219-C5F6-44BD-A34B-5C5BD48F166C}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{8848648F-6D23-4A23-A506-84EBA091EB35}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A43E1AD6-6126-4E8D-8B38-284B6EFE18C4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B64B3324-B3A1-4402-AD61-03DC1C5A6812}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C64C4432-8B11-4363-8C98-396C1EE5281D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/15/2008 11:40 AM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/23/2008 11:09 PM 155648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/20/2008 11:07 PM 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [12/15/2008 7:34 PM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [12/15/2008 7:33 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [12/15/2008 7:33 PM 7424]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/15/2008 6:16 PM 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-11 c:\windows\Tasks\Norton Security Scan for Andy.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 00:04]
2009-05-06 c:\windows\Tasks\WebReg Deskjet F300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 03:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\donyu4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Andy\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 10:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
- - - - - - - > 'Explorer.exe'(4988)
c:\windows\system32\btncopy.dll
.
Other Running Processes
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Dell Remote Access\ezi_ra.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\BCMWLTRY.EXE
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-14 10:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 15:52
Pre-Run: 145,662,713,856 bytes free
Post-Run: 143,393,251,328 bytes free
290 --- E O F --- 2009-06-08 15:18
Log file system in Normal Mode
ComboFix 09-06-13.09 - Andy 06/14/2009 10:58.1 - NTFSx86
Microsoft. Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3061.1754 [GMT -5:00]
Running from: c:\users\Andy\Desktop\CleanMe.exe
Command switches used :: /killaa
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 16:01 . 2009-06-14 16:01
d
w- c:\users\Other\AppData\Local\temp
2009-06-14 03:24 . 2009-05-19 06:36 2884832
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-06-12 06:32 . 2009-06-12 06:32
d
w- c:\users\Other\AppData\Roaming\HP
2009-06-12 06:32 . 2009-06-12 06:32
d
w- c:\users\Other\AppData\Local\Mozilla
2009-06-12 06:31 . 2009-06-12 06:34
d
w- c:\users\Other\AppData\Local\Google
2009-06-12 06:31 . 2009-06-12 06:31
d
w- c:\users\Other\Bluetooth Software
2009-06-12 06:31 . 2009-06-12 06:31
d
w- c:\users\Other\AppData\Local\SupportSoft
2009-06-12 06:30 . 2009-06-12 06:30
d
w- c:\users\Other\AppData\Local\MediaDirect
2009-06-12 06:30 . 2009-06-12 06:30
d
w- c:\users\Other\AppData\Roaming\Dell
2009-06-12 06:30 . 2009-06-12 06:30 101856 ----a-w- c:\users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 16:14 . 2009-06-11 16:15
d
w- c:\program files\Windows Live Safety Center
2009-06-11 05:56 . 2009-06-11 05:56
d
w- c:\programdata\Citrix
2009-06-11 05:51 . 2009-06-11 05:52
d
w- c:\users\Andy\AppData\Local\Deployment
2009-06-11 05:51 . 2009-06-11 05:51
d
w- c:\users\Andy\AppData\Local\Apps
2009-05-31 23:01 . 2009-04-15 18:07 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVENG.SYS
2009-05-31 23:01 . 2009-04-15 18:07 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVEX15.SYS
2009-05-31 23:01 . 2009-04-15 18:07 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\hub.scr
2009-05-31 23:01 . 2009-04-15 18:07 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\EECTRL.SYS
2009-05-31 23:01 . 2009-04-15 18:07 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\ECMSVR32.DLL
2009-05-31 23:01 . 2009-04-15 18:07 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\CCERASER.DLL
2009-05-31 23:01 . 2009-04-15 18:07 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVENG32.DLL
2009-05-31 23:01 . 2009-04-15 18:07 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\NAVEX32A.DLL
2009-05-31 23:01 . 2009-04-15 18:07 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090531.003\ERASER.SYS
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_D3DD076B988600E59BFD1E.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_CA1D36A8BD7C6E8B327132.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_A17D378A7C093FF2005726.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_6FEFF9B68218417F98F549.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_67DB1B8F6A28368D658316.exe
2009-05-27 06:50 . 2009-05-27 06:50 12846 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}\_64E749EF31745C29AAF314.exe
2009-05-27 06:50 . 2009-05-27 06:50
d
w- c:\program files\FriendFinder
2009-05-17 09:49 . 2009-05-17 09:49
d
w- c:\program files\CDisplay
2009-05-16 05:16 . 2009-05-28 13:20
d
w- c:\program files\BeerSmith
2009-05-16 05:16 . 2009-05-16 05:16
d
w- C:\BeerSmith_14_installer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 15:55 . 2009-01-17 22:05
d
w- c:\users\Andy\AppData\Roaming\DNA
2009-06-14 15:46 . 2008-12-21 04:32
d
w- c:\users\Andy\AppData\Roaming\LimeWire
2009-06-14 15:37 . 2008-12-21 00:20
d
w- c:\programdata\avg8
2009-06-14 15:32 . 2008-12-15 16:42 3308 ----a-w- c:\windows\bthservsdp.dat
2009-06-14 05:18 . 2009-05-07 20:12 680 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2009-06-13 07:17 . 2009-05-02 17:01
d
w- c:\program files\Norton Security Scan
2009-06-11 15:50 . 2009-05-02 17:01
d
w- c:\program files\Common Files\Symantec Shared
2009-06-11 04:48 . 2009-01-19 22:42
d
w- c:\users\Andy\AppData\Roaming\BitTorrent
2009-06-05 21:59 . 2008-12-21 04:15
d
w- c:\users\Andy\AppData\Roaming\Skype
2009-06-05 21:02 . 2008-12-21 04:15
d
w- c:\users\Andy\AppData\Roaming\skypePM
2009-05-28 13:20 . 2009-01-18 03:36
d
w- c:\program files\BitComet
2009-05-19 06:36 . 2009-06-14 03:24 28
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 06:36 . 2009-06-14 03:24 1484856
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 06:36 . 2009-06-14 03:24 25
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 06:36 . 2009-06-14 03:24 97072
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-14 03:24 142040
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-14 03:24 30512
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 06:36 . 2009-06-14 03:24 111920
w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-15 08:02 . 2008-12-20 23:27
d
w- c:\programdata\Microsoft Help
2009-05-15 08:00 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2009-03-17 03:38 . 2009-04-17 08:01 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 08:01 24064 ----a-w- c:\windows\system32\amxread.dll
2008-12-15 23:16 . 2009-01-09 19:08 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-15 23:07 . 2008-12-15 23:07 76 --sh--r- c:\windows\CT4CET.bin
2008-12-16 00:19 . 2008-12-16 00:17 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_15.47.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-20 22:15 . 2009-06-14 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-20 22:15 . 2009-06-14 15:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-20 22:15 . 2009-06-14 15:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-20 22:15 . 2009-06-14 15:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-20 22:15 . 2009-06-14 15:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-20 22:15 . 2009-06-14 15:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:25 . 2008-01-21 02:25 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.dll
+ 2009-06-02 08:01 . 2009-06-14 15:52 4999988 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
- 2006-11-02 10:22 . 2009-06-11 04:48 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-06-14 15:52 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-06-14 15:57 . 2009-06-14 15:57 6328320 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 23:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-11-21 3647304]
"BitTorrent DNA"="c:\users\Andy\Program Files\DNA\btdna.exe" [2009-01-18 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-15 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-10-03 1742064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-08 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
c:\users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2008-12-15 53248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-15 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-15 23:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E964A0EF-4A30-497B-99FA-D85C8ACD157D}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{01074D62-FC52-4C1F-898E-26FAA0525CCC}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{DBD7D135-BDCA-4D3C-B80B-384901441051}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4F43923F-FDDE-4BDA-955F-8EABA7174DEE}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{F10D6097-974E-4B77-8520-4CA885DF9DD9}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{0416F537-2925-4A53-BDAB-BCA0E2C38F2B}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{F658F92E-DB2E-4827-9EC4-38C88711C7C8}"= UDP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{C111D101-B54A-4A67-969A-A85CA425F76F}"= TCP:c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{1533CB7C-5D1F-4E9E-A980-ACE84282393E}"= UDP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{785B37CE-C898-430D-BBCF-76667B25BFDB}"= TCP:c:\programdata\SingleClick Systems\VLC\vlc.exe:Remote Access VLC
"{74272E30-2C0B-4D65-9F06-55ECB1BF7EAF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7182486B-EC55-4CBD-A48F-5CE2461D7E43}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E851AAC7-0024-4AD8-A76B-9F001263B35C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{73E6F526-9B74-4BE6-AD95-53F8503447D5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E4708AF-D652-4131-A0ED-039CA4C30ABA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19A8CEAF-7390-494D-9484-EB372B502243}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5223429F-7B3C-43C7-B396-4DAC38C359BE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3E1B927F-016E-403A-B441-33C928FD70F4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3B1431D9-96F0-49AE-8890-EBD5EAE17205}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EBC1076F-339E-4DDE-B01B-E2A640226B11}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{0ECB92F9-347A-422E-9E76-488AA3BDFAFB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{143B490C-68CE-46FC-B146-716EFFD3AFF8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F91D32F2-2324-49DB-8800-3FEB9468A14A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FA3A20FA-D0BE-443E-A5C9-6F8A4184ED63}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{C8ACA3FA-2EA4-48C3-AF35-FA9703864C6F}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{F1B6E3D7-3552-4511-91C7-2896E1480879}"= UDP:56968:Pando P2P TCP Listening Port
"{4AF9D979-7B2F-4C32-BA0C-EAC77B2D21FE}"= TCP:56968:Pando P2P UDP Listening Port
"{90223C99-8F31-451E-99D3-54D650CDBD7A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{06B07336-F21A-4D52-B3D4-F77F35B9657B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D259ABD-D5FC-4F09-869B-2C39AB1B51D4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F200EF5C-5376-40ED-BD96-9FBC90908E40}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEC270A0-3FA5-482C-9132-345132B5C81A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3A136790-3C18-45D1-B525-952A8997C9A7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{098FE5BD-6E28-4960-9A04-E7CF692D8A7F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{3CBEB8F1-EC19-4434-A807-CED048FCF71F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{A11A6F24-1DF8-42F5-BC39-2A41E9BB28B0}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{7DB5A219-C5F6-44BD-A34B-5C5BD48F166C}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{8848648F-6D23-4A23-A506-84EBA091EB35}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A43E1AD6-6126-4E8D-8B38-284B6EFE18C4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B64B3324-B3A1-4402-AD61-03DC1C5A6812}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C64C4432-8B11-4363-8C98-396C1EE5281D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [12/15/2008 11:40 AM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [9/23/2008 11:09 PM 155648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/20/2008 11:07 PM 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [12/15/2008 7:34 PM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [12/15/2008 7:33 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [12/15/2008 7:33 PM 7424]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/15/2008 6:16 PM 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-06-11 c:\windows\Tasks\Norton Security Scan for Andy.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 00:04]
2009-05-06 c:\windows\Tasks\WebReg Deskjet F300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-11 03:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\donyu4wn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Andy\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 11:01
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-14 11:02
ComboFix-quarantined-files.txt 2009-06-14 16:02
ComboFix2.txt 2009-06-14 15:52
Pre-Run: 143,272,054,784 bytes free
Post-Run: 143,239,835,648 bytes free
264 --- E O F --- 2009-06-08 15:18
Download and Run RSIT
Run by Andy at 2009-06-14 13:39:03
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 139 GB (48%) free of 293 GB
Total RAM: 3061 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:14 PM, on 6/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Andy\Desktop\RSIT.exe
C:\Program Files\trend micro\Andy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Andy\Program Files\DNA\btdna.exe"
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Remote Access.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-yahtzee/zylomplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10911 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Norton Security Scan for Andy.job
C:\Windows\tasks\WebReg Deskjet F300 series.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-12 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-04 36864]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-07-03 3563520]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-15 30192]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2008-10-03 1742064]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-08 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-15 39408]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
"Pando"=C:\Program Files\Pando Networks\Pando\Pando.exe [2008-11-20 3647304]
"BitTorrent DNA"=C:\Users\Andy\Program Files\DNA\btdna.exe [2009-01-17 342848]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-12-15 10536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-06 200704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-06-14 13:39:03 ----D---- C:\rsit
2009-06-14 13:39:03 ----D---- C:\Program Files\trend micro
2009-06-14 11:02:47 ----D---- C:\Windows\temp
2009-06-14 11:02:46 ----A---- C:\ComboFix.txt
2009-06-14 11:01:47 ----SHD---- C:\$RECYCLE.BIN
2009-06-14 10:21:54 ----A---- C:\Windows\zip.exe
2009-06-14 10:21:54 ----A---- C:\Windows\SWXCACLS.exe
2009-06-14 10:21:54 ----A---- C:\Windows\SWSC.exe
2009-06-14 10:21:54 ----A---- C:\Windows\SWREG.exe
2009-06-14 10:21:54 ----A---- C:\Windows\sed.exe
2009-06-14 10:21:54 ----A---- C:\Windows\PEV.exe
2009-06-14 10:21:54 ----A---- C:\Windows\NIRCMD.exe
2009-06-14 10:21:54 ----A---- C:\Windows\grep.exe
2009-06-14 10:14:05 ----D---- C:\Windows\ERDNT
2009-06-14 10:13:30 ----D---- C:\Qoobox
2009-06-11 11:14:57 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-11 00:56:47 ----D---- C:\ProgramData\Citrix
2009-06-11 00:46:31 ----A---- C:\Windows\ntbtlog.txt
2009-05-27 01:50:29 ----D---- C:\Program Files\FriendFinder
2009-05-17 04:49:57 ----D---- C:\Program Files\CDisplay
2009-05-16 00:16:11 ----D---- C:\Program Files\BeerSmith
2009-05-16 00:16:03 ----D---- C:\BeerSmith_14_installer
======List of files/folders modified in the last 1 months======
2009-06-14 13:39:03 ----RD---- C:\Program Files
2009-06-14 11:08:28 ----D---- C:\Users\Andy\AppData\Roaming\DNA
2009-06-14 11:02:48 ----D---- C:\Windows\system32\en-US
2009-06-14 11:02:48 ----D---- C:\Windows\System32
2009-06-14 11:02:47 ----D---- C:\Windows
2009-06-14 11:01:13 ----A---- C:\Windows\system.ini
2009-06-14 11:00:07 ----D---- C:\Windows\system32\drivers
2009-06-14 11:00:07 ----D---- C:\Windows\AppPatch
2009-06-14 11:00:06 ----D---- C:\Program Files\Common Files
2009-06-14 10:53:14 ----D---- C:\Windows\system32\catroot
2009-06-14 10:53:11 ----D---- C:\Windows\system32\catroot2
2009-06-14 10:52:51 ----D---- C:\Windows\winsxs
2009-06-14 10:47:57 ----D---- C:\Windows\Prefetch
2009-06-14 10:46:48 ----D---- C:\Users\Andy\AppData\Roaming\LimeWire
2009-06-14 10:44:54 ----AD---- C:\ProgramData\TEMP
2009-06-14 10:37:48 ----D---- C:\Program Files\Mozilla Firefox
2009-06-14 10:37:42 ----D---- C:\ProgramData\avg8
2009-06-14 10:36:57 ----HD---- C:\ProgramData
2009-06-13 22:12:22 ----D---- C:\Windows\system32\LogFiles
2009-06-13 02:17:08 ----D---- C:\Program Files\Norton Security Scan
2009-06-12 18:06:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-12 18:06:45 ----D---- C:\Windows\inf
2009-06-12 01:29:43 ----RD---- C:\Users
2009-06-12 00:34:25 ----HD---- C:\$AVG8.VAULT$
2009-06-11 13:51:09 ----D---- C:\Windows\Tasks
2009-06-11 13:50:50 ----SHD---- C:\Windows\Installer
2009-06-11 13:50:50 ----HD---- C:\Config.Msi
2009-06-11 13:48:41 ----D---- C:\Windows\system32\Tasks
2009-06-11 11:14:58 ----SD---- C:\Windows\Downloaded Program Files
2009-06-11 10:50:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-11 00:10:07 ----SHD---- C:\System Volume Information
2009-06-10 23:48:01 ----D---- C:\Users\Andy\AppData\Roaming\BitTorrent
2009-06-05 16:59:39 ----D---- C:\Users\Andy\AppData\Roaming\Skype
2009-06-05 16:02:20 ----D---- C:\Users\Andy\AppData\Roaming\skypePM
2009-05-28 08:20:04 ----D---- C:\Program Files\BitComet
2009-05-27 01:50:31 ----SD---- C:\Users\Andy\AppData\Roaming\Microsoft
2009-05-15 03:02:22 ----D---- C:\ProgramData\Microsoft Help
2009-05-15 03:02:13 ----RSD---- C:\Windows\assembly
2009-05-15 03:00:53 ----D---- C:\Program Files\Windows Mail
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-07-03 1207288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-23 12672]
S2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys [2008-06-17 22016]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-23 8704]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-07-03 18424]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-12-15 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-12-15 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-12-15 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
S3 catchme;catchme; \??\C:\Users\Andy\AppData\Local\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-23 980992]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-23 208384]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-12-15 50688]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-23 661504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-12-15 72704]
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2008-07-28 44032]
S2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 hnmsvc;Advanced Networking Service; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [2008-09-30 820464]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
S2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-07-03 24064]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-23 386560]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-07-04 164600]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-15 30192]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-12-15 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
EOF
======Uninstall list======
-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dell Game Console\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dream Chronicles\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\FATE\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Audacity 1.3.6 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Boggle (remove only)-->"C:\Program Files\Yahoo! Games\Boggle\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000fz.INF
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell Best of Web-->MsiExec.exe /I{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Remote Access-->MsiExec.exe /I{F66A31D9-7831-4FBA-BA02-C411C0047CC5}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DELL0604-->MsiExec.exe /I{3D8F9830-D6A3-413A-9A54-993827A73E47}
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eBrainyGames Super Menu-->C:\PROGRA~1\EBRAIN~1\SUPERM~1\UNWISE.EXE C:\PROGRA~1\EBRAIN~1\SUPERM~1\INSTALL.LOG
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
FriendFinder Messenger v4.1-->MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{6FF543AB-99B3-4120-902C-70A38314ABD8}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Pando-->MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartShopper-->C:\Program Files\Smart-Shopper\Uninst.exe
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual Calculus 3.6-->"C:\Downloads\Visual Calculus\unins000.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
WildTangent Games-->"C:\Program Files\WildTangent\Dell Games\Uninstall.exe"
Windows Live OneCare safety scanner-->%ProgramFiles%\Windows Live Safety Center\wlschost.exe -Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Andy-PC
Event Code: 10005
Message: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Record Number: 47240
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090614161050.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 7001
Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Record Number: 47257
Source Name: Service Control Manager
Time Written: 20090614161114.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
spldr
Wanarpv6
Record Number: 47267
Source Name: Service Control Manager
Time Written: 20090614161114.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 47268
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090614161117.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 47272
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090614183907.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Andy-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8007043c).
Record Number: 91698
Source Name: Outlook
Time Written: 20090614183936.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8007043c).
Record Number: 91699
Source Name: Outlook
Time Written: 20090614183936.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8007043c).
Record Number: 91700
Source Name: Outlook
Time Written: 20090614183936.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8007043c).
Record Number: 91701
Source Name: Outlook
Time Written: 20090614183936.000000-000
Event Type: Error
User:
Computer Name: Andy-PC
Event Code: 35
Message: Failed to determine if the store is in the crawl scope (error=0x8007043c).
Record Number: 91702
Source Name: Outlook
Time Written: 20090614183936.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Andy-PC
Event Code: 5033
Message: The Windows Firewall Driver has started successfully.
Record Number: 14729
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090614161008.277653-000
Event Type: Audit Success
User:
Computer Name: Andy-PC
Event Code: 5024
Message: The Windows Firewall Service has started successfully.
Record Number: 14730
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090614161008.854857-000
Event Type: Audit Success
User:
Computer Name: Andy-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: ANDY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: Andy
Account Domain: Andy-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x224
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Network Address: 127.0.0.1
Port: 0
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 14731
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090614161034.069930-000
Event Type: Audit Success
User:
Computer Name: Andy-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: ANDY-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 2
New Logon:
Security ID: S-1-5-21-4121480384-1039282611-2231646821-1000
Account Name: Andy
Account Domain: Andy-PC
Logon ID: 0x2715f
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x224
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: ANDY-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 14732
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090614161034.069930-000
Event Type: Audit Success
User:
Computer Name: Andy-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-21-4121480384-1039282611-2231646821-1000
Account Name: Andy
Account Domain: Andy-PC
Logon ID: 0x2715f
Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 14733
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090614161034.069930-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
EOF
IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire 4.18.8
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
Also available here.
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
Please note: you must NOT use any P2P whilst we are cleaning your machine.
Step 1
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
Step 2
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Additional Notes
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
Now download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)
You can delete JavaRa (zip and exe)
Database version: 2283
Windows 6.0.6001 Service Pack 1
6/15/2009 10:30:35 AM
mbam-log-2009-06-15 (10-30-35).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 244360
Time elapsed: 43 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\smart-shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) -> Quarantined and deleted successfully.
c:\Users\Andy\Desktop\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 15, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 15, 2009 12:27:39
Records in database: 2345167
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 153353
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:04:40
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXyhxbkpivsbvcbnbafrbspdyqoyexbupt.dll.vir Infected: Trojan.Win32.Agent.clxm 1
The selected area was scanned.
Thank You so much.
Andy
Disable Addons in FireFox
Start > All Programs > Mozilla FireFox > Mozilla FireFox (Safe Mode)
If it does help, you need to disable all your addons and then re-enable them one by one until you find the one that causes the problem.