Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unable to clean Trojan Vundo [Solved]

Started by Mich73 , Apr 16 2009 03:28 AM

  • This topic is locked This topic is locked

#1
Mich73
Posted 16 April 2009 - 03:28 AM

Mich73

    Member

  • Member
  • PipPip
  • 57 posts
Well I am back to the only place I have found to be helpful. You all are the best.

Since yesterday morning, I have been trying to get rid of this mess on my pc to no avail.

I have done all the standard steps that is posted for trying to remove them. I have ran all programs in safe mode, searched the registry and tried to manually remove them there.

I removed AVG and downloaded Avira which did find the trojans yesterday but since I deleted what I thought to be the fix from the registry, Avira does not find any problems now.

I am not sure what else I have even done as I have tried to follow various suggestions posted for others to do on here but only the ones that were generic instructions.

It's faster now but I get messages that my Microsoft windows is not responding when I first boot up. I get pop up window where its trying to scan my pc and make me download Malwarebytes 9 (I believe). Im not sure if that is my actual pc scanning or something related to all of this.

Here are my logs:

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:228128 Mo/Free:499 Mo)
D:\ [Fixed] - NTFS - (Total:10239 Mo/Free:1650 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)

Thu 04/16/2009| 5:02

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir Desktop\sched.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Windows\System32\wpcumi.exe
---------- C:\Program Files\Winamp\winampa.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
---------- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Windows\system32\dlcxcoms.exe
---------- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
---------- C:\Windows\system32\PSIService.exe
---------- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Windows\system32\wuauclt.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\iTunes\iTunes.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Program Files\AIM\aim.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/15/2009|17:24
2 - "C:\Rooter$\Rooter_2.txt" - Thu 04/16/2009| 5:04

----------------------\\ Scan completed at 5:04

OTListIt logfile created on: 4/16/2009 5:24:06 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Users\Michele\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 40.07% Memory free
4.00 Gb Paging File | 2.81 Gb Available in Paging File | 70.37% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 136.48 Gb Free Space | 61.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.61 Gb Free Space | 56.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHELE-PC
Current User Name: Michele
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Windows\system32\dlcxcoms.exe ( )
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Windows\system32\PSIService.exe ()
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Users\Michele\Downloads\OTListIt2(2).exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AERTFilters [On_Demand | Stopped]) -- C:\Windows\system32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (dlcx_device [Auto | Running]) -- C:\Windows\system32\dlcxcoms.exe ( )
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dsNcService [Auto | Running]) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ProtexisLicensing [Auto | Running]) -- C:\Windows\system32\PSIService.exe ()
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Running]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (SQLWriter [Auto | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\Windows\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DLABMFSM [Auto | Running]) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\Windows\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\Windows\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\Windows\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (dsNcAdpt [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\dsNcAdpt.sys (Juniper Networks)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\Windows\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MSDV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Boot | Running]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvrd32 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ssmdrv [System | Running]) -- C:\Windows\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (tmcomm [Auto | Running]) -- C:\Windows\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wanatw [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\WinUSB.SYS (Microsoft Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.online-sw...eepstakes.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/31 20:07:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/31 20:07:09 | 00,000,000 | ---D | M]

[2009/03/31 17:42:46 | 00,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\mozilla\Extensions
[2008/11/08 12:02:41 | 00,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/31 17:42:46 | 00,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/04/15 08:49:32 | 00,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\mozilla\Firefox\Profiles\6ufdgskr.default\extensions
[2008/03/02 13:50:08 | 00,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\mozilla\Firefox\Profiles\6ufdgskr.default\extensions\{bf2f5099-d9ce-40b1-950d-333b44ef1a24}
[2009/03/31 19:03:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/31 20:07:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/02 20:31:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/31 19:03:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/31 20:06:50 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/31 20:06:50 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/31 20:07:01 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/31 20:07:01 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/31 20:07:01 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/31 20:07:01 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/31 20:07:01 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/31 20:07:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/31 20:07:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {e4ec5335-50b8-4354-ba4b-02802042059d} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CPM6b461233] Rundll32.exe "c:\progra~2\motatuwo\motatuwo.dll",a File not found
O4 - HKLM..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CPM6b461233] Rundll32.exe "c:\progra~2\motatuwo\motatuwo.dll",a File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 1021thex.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crrl.org ([www.netlibrary.com.proxy] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itseasytowin.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: netlibrary.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sears.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Sites: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: valpak.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: washfm.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///E:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...6/uploader2.cab (UploadListView Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://music.5gum.co...loadManager.cab (Hip Digital Download Manager)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237723815333 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238540125445 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///E:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} http://www.trendsecu...asyInstallX.CAB (TSEasyInstallX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/RntX.cab (Live Collaboration)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.c...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://flowers-vpn....SetupClient.cab (JuniperSetupClient Control)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\motatuwo\motatuwo.dll) - c:\progra~2\motatuwo\motatuwo.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\progra~2\motatuwo\motatuwo.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\progra~2\motatuwo\motatuwo.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/16 05:00:47 | 00,000,774 | ---- | C] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2009/04/16 05:00:47 | 00,000,755 | ---- | C] () -- C:\Users\Michele\Desktop\ERUNT.lnk
[2009/04/16 05:00:46 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT4162009
[2009/04/16 04:06:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/16 03:53:52 | 02,182,340 | -H-- | C] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2009/04/15 23:14:12 | 20,767,33440 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/15 21:06:39 | 00,000,000 | ---D | C] -- C:\ProgramData\suvekesa
[2009/04/15 21:06:39 | 00,000,000 | ---D | C] -- C:\ProgramData\fihatoye
[2009/04/15 20:21:12 | 00,000,000 | ---D | C] -- C:\ProgramData\yasijote
[2009/04/15 20:21:12 | 00,000,000 | ---D | C] -- C:\ProgramData\vawakoto
[2009/04/15 20:21:12 | 00,000,000 | ---D | C] -- C:\ProgramData\gedekuye
[2009/04/15 20:20:41 | 00,000,000 | ---D | C] -- C:\ProgramData\pogewaso
[2009/04/15 20:20:41 | 00,000,000 | ---D | C] -- C:\ProgramData\motatuwo
[2009/04/15 20:20:41 | 00,000,000 | ---D | C] -- C:\ProgramData\bijotozu
[2009/04/15 19:49:46 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/04/15 19:30:26 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/04/15 19:30:16 | 00,095,576 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/04/15 19:30:16 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/04/15 19:30:16 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/04/15 19:30:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/04/15 19:30:14 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/15 17:23:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 08:22:23 | 00,000,000 | ---D | C] -- C:\ProgramData\mivalivo
[2009/04/15 08:22:23 | 00,000,000 | ---D | C] -- C:\ProgramData\febudipi
[2009/04/15 06:14:40 | 00,000,000 | ---D | C] -- C:\ProgramData\zutiguhi
[2009/04/15 06:14:40 | 00,000,000 | ---D | C] -- C:\ProgramData\wasikaso
[2009/04/15 06:14:40 | 00,000,000 | ---D | C] -- C:\ProgramData\kizakivu
[2009/04/14 22:49:51 | 00,240,124 | ---- | C] () -- C:\Users\Michele\Desktop\tmobile phone win.docx
[2009/04/14 20:52:36 | 00,002,073 | ---- | C] () -- C:\Users\Public\Desktop\DialIdol.lnk
[2009/04/14 20:52:35 | 00,000,000 | ---D | C] -- C:\Program Files\DialIdol.com
[2009/04/13 15:54:11 | 00,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro X.lnk
[2009/04/12 12:11:35 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/12 12:10:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/12 12:10:36 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/12 12:10:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/31 19:57:31 | 00,000,000 | ---D | C] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/31 19:56:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/31 19:55:50 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/03/31 19:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/31 19:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/03/31 19:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/31 17:42:17 | 00,001,633 | ---- | C] () -- C:\Users\Michele\Desktop\LimeWire 5.1.2.lnk
[2009/03/26 13:07:30 | 00,014,970 | ---- | C] () -- C:\Users\Michele\Documents\Bills to bankrupt.xlsx
[2009/03/22 08:17:10 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/22 08:17:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/22 08:17:08 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/22 08:17:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/22 08:17:08 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/22 08:16:53 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/22 08:16:52 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/21 10:37:17 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/21 10:35:05 | 00,009,334 | ---- | C] () -- C:\Users\Michele\Desktop\SysRestorePoint_v13.zip
[2009/03/19 10:00:19 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/03/05 16:03:38 | 00,000,134 | ---- | C] () -- C:\Windows\System32\09wutili.sys
[2008/11/10 07:12:03 | 00,000,900 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/11/11 11:50:25 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/11/11 11:50:25 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/09/07 14:31:25 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007/08/19 19:17:35 | 00,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/08/19 19:17:35 | 00,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/08/19 07:05:09 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/08/19 07:05:08 | 00,000,305 | ---- | C] () -- C:\Windows\wininit.ini
[2007/03/19 05:04:58 | 00,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 05:04:58 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 05:04:56 | 00,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 05:04:56 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 05:04:54 | 00,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 05:04:54 | 00,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/28 11:31:44 | 00,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/10/20 21:07:32 | 00,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 21:06:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 21:03:28 | 00,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 20:57:40 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 20:56:52 | 00,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 20:55:28 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 20:54:42 | 00,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 20:48:38 | 00,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 20:46:42 | 00,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/10/11 19:01:40 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 18:59:56 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 18:54:10 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 18:52:34 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 18:51:16 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 18:48:58 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 18:48:14 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 18:47:42 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 18:41:42 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 18:41:04 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 18:37:14 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2006/09/22 07:42:38 | 00,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 00,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 15:58:04 | 00,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/04/24 16:09:58 | 00,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 19:03:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2005/11/18 14:47:26 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

========== Files - Modified Within 30 Days ==========

[2009/04/16 05:00:47 | 00,000,774 | ---- | M] () -- C:\Users\Michele\Desktop\NTREGOPT.lnk
[2009/04/16 05:00:47 | 00,000,755 | ---- | M] () -- C:\Users\Michele\Desktop\ERUNT.lnk
[2009/04/16 04:00:25 | 00,743,386 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/16 04:00:25 | 00,634,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/16 04:00:25 | 00,113,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/16 03:55:29 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/16 03:55:28 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/16 03:55:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/16 03:55:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/16 03:55:16 | 20,767,33440 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/16 03:53:52 | 02,182,340 | -H-- | M] () -- C:\Users\Michele\AppData\Local\IconCache.db
[2009/04/15 22:58:59 | 00,001,356 | ---- | M] () -- C:\Users\Michele\AppData\Local\d3d9caps.dat
[2009/04/15 21:38:33 | 00,011,168 | -H-- | M] () -- C:\ProgramData\kegevadi
[2009/04/15 19:30:26 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/04/15 18:14:04 | 00,000,000 | ---- | M] () -- C:\Users\Michele\AppData\Local\prvlcl.dat
[2009/04/15 17:20:17 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job
[2009/04/15 10:13:33 | 00,017,225 | ---- | M] () -- C:\Users\Michele\Desktop\Wins 2008.xl.xlsx
[2009/04/15 09:43:40 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/14 22:49:51 | 00,240,124 | ---- | M] () -- C:\Users\Michele\Desktop\tmobile phone win.docx
[2009/04/14 20:52:36 | 00,002,073 | ---- | M] () -- C:\Users\Public\Desktop\DialIdol.lnk
[2009/04/13 17:56:04 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/13 15:54:11 | 00,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro X.lnk
[2009/04/12 12:11:35 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/31 19:55:50 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/03/31 19:50:55 | 00,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Media Player.lnk
[2009/03/31 17:42:17 | 00,001,633 | ---- | M] () -- C:\Users\Michele\Desktop\LimeWire 5.1.2.lnk
[2009/03/31 11:00:37 | 00,014,970 | ---- | M] () -- C:\Users\Michele\Documents\Bills to bankrupt.xlsx
[2009/03/26 13:07:34 | 00,027,162 | ---- | M] () -- C:\Users\Michele\Desktop\Debt.xlsx
[2009/03/26 12:33:43 | 00,000,900 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/03/22 09:08:17 | 00,413,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/21 10:35:13 | 00,009,334 | ---- | M] () -- C:\Users\Michele\Desktop\SysRestorePoint_v13.zip
[2009/03/19 10:01:05 | 00,001,045 | -H-- | M] () -- C:\IPH.PH

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Michele\Documents\Jamaica 1.dmsd:Roxio EMC Stream
< End of report >
  • 0

Advertisements

#2
fenzodahl512
Posted 17 April 2009 - 05:15 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..
  • 0

#3
Mich73
Posted 17 April 2009 - 07:18 AM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 6.0.6001 Service Pack 1

4/17/2009 9:17:29 AM
mbam-log-2009-04-17 (09-17-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196855
Time elapsed: 1 hour(s), 25 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6b461233 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm6b461233 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
Mich73
Posted 17 April 2009 - 07:37 AM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michele at 2009-04-17 09:24:00
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 138 GB (60%) free of 228 GB
Total RAM: 1982 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:17 AM, on 4/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Michele\Downloads\RSIT.exe
C:\Program Files\trend micro\Michele.exe
C:\Windows\system32\wbem\unsecapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e4ec5335-50b8-4354-ba4b-02802042059d} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.1021thex.com
O15 - Trusted Zone: http://www.itseasytowin.com
O15 - Trusted Zone: http://www.netlibrary.com
O15 - Trusted Zone: http://www.sears.com
O15 - Trusted Zone: http://www.valpak.com
O15 - Trusted Zone: http://www.washfm.com
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...6/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} (Hip Digital Download Manager) - http://music.5gum.co...loadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1237723815333
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1238540125445
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file:///E:/win/setup/iamce.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://flowers-vpn....SetupClient.cab
O20 - AppInit_DLLs: c:\progra~2\motatuwo\motatuwo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12676 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-20 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2007-03-16 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ec5335-50b8-4354-ba4b-02802042059d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-20 5759816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-27 81920]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-03 312200]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-05 1830128]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-11-20 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-05 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe [2008-08-27 203504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Michele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2007-10-18 479232]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~2\motatuwo\motatuwo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-04-17 09:24:00 ----D---- C:\rsit
2009-04-16 05:43:14 ----A---- C:\Windows\system32\MRT.exe
2009-04-16 05:40:15 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 05:40:11 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 05:40:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 05:40:03 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 05:40:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 05:40:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 05:40:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 05:40:00 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 05:39:56 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 05:39:54 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\occache.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 05:39:51 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 05:39:41 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 05:39:41 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 05:00:46 ----D---- C:\Program Files\ERUNT4162009
2009-04-16 04:06:41 ----D---- C:\VundoFix Backups
2009-04-15 22:27:51 ----A---- C:\Windows\ntbtlog.txt
2009-04-15 21:06:39 ----D---- C:\ProgramData\suvekesa
2009-04-15 21:06:39 ----D---- C:\ProgramData\fihatoye
2009-04-15 20:21:12 ----D---- C:\ProgramData\yasijote
2009-04-15 20:21:12 ----D---- C:\ProgramData\vawakoto
2009-04-15 20:21:12 ----D---- C:\ProgramData\gedekuye
2009-04-15 20:20:41 ----D---- C:\ProgramData\pogewaso
2009-04-15 20:20:41 ----D---- C:\ProgramData\motatuwo
2009-04-15 20:20:41 ----D---- C:\ProgramData\bijotozu
2009-04-15 19:49:46 ----D---- C:\Avenger
2009-04-15 19:49:46 ----A---- C:\avenger.txt
2009-04-15 19:30:14 ----D---- C:\ProgramData\Avira
2009-04-15 19:30:14 ----D---- C:\Program Files\Avira
2009-04-15 17:24:17 ----A---- C:\Rooter.txt
2009-04-15 17:23:43 ----D---- C:\Rooter$
2009-04-15 08:22:23 ----D---- C:\ProgramData\mivalivo
2009-04-15 08:22:23 ----D---- C:\ProgramData\febudipi
2009-04-15 06:14:40 ----D---- C:\ProgramData\zutiguhi
2009-04-15 06:14:40 ----D---- C:\ProgramData\wasikaso
2009-04-15 06:14:40 ----D---- C:\ProgramData\kizakivu
2009-04-14 20:52:35 ----D---- C:\Program Files\DialIdol.com
2009-04-12 12:10:56 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-12 12:10:39 ----D---- C:\Program Files\iPod
2009-04-12 12:10:36 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 12:10:36 ----D---- C:\Program Files\iTunes
2009-03-31 19:57:31 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 19:56:26 ----D---- C:\Program Files\Bonjour
2009-03-31 19:55:39 ----D---- C:\Program Files\QuickTime
2009-03-31 19:50:54 ----D---- C:\Program Files\Adobe Media Player
2009-03-31 19:50:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-31 19:03:42 ----A---- C:\Windows\system32\javaws.exe
2009-03-31 19:03:42 ----A---- C:\Windows\system32\javaw.exe
2009-03-31 19:03:42 ----A---- C:\Windows\system32\java.exe
2009-03-22 08:17:10 ----A---- C:\Windows\system32\wmp.dll
2009-03-22 08:17:09 ----A---- C:\Windows\system32\spwmp.dll
2009-03-22 08:17:08 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-22 08:17:08 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-22 08:16:52 ----A---- C:\Windows\system32\schannel.dll
2009-03-21 10:37:17 ----D---- C:\Windows\ERDNT
2009-03-19 10:00:19 ----D---- C:\Program Files\AIM6
2009-03-16 13:44:55 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-03-16 13:44:37 ----D---- C:\Users\Michele\AppData\Roaming\SUPERAntiSpyware.com
2009-03-16 13:44:37 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-16 13:43:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-16 13:16:27 ----A---- C:\Windows\system32\avgrep.txt
2009-03-05 23:59:00 ----A---- C:\Windows\system32\usbaaplrc.dll
2009-03-05 21:47:53 ----D---- C:\Program Files\Safari
2009-02-24 20:37:00 ----D---- C:\Users\Michele\AppData\Roaming\DriverCure
2009-02-24 20:36:55 ----D---- C:\ProgramData\ParetoLogic
2009-02-24 20:36:55 ----D---- C:\ProgramData\DriverCure
2009-02-16 07:11:57 ----D---- C:\Users\Michele\AppData\Roaming\TuneUp Software
2009-02-16 07:11:35 ----D---- C:\ProgramData\TuneUp Software
2009-02-16 07:10:37 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-16 06:31:30 ----D---- C:\Users\Michele\AppData\Roaming\IObit
2009-02-16 06:31:29 ----D---- C:\Program Files\IObit
2009-02-16 06:14:46 ----D---- C:\Program Files\Uniblue
2009-02-13 19:13:36 ----A---- C:\Windows\system32\tzres.dll
2009-02-13 19:06:39 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\icardres.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\icardagt.exe
2009-02-13 19:06:37 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-13 19:06:36 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-13 19:00:46 ----A---- C:\Windows\system32\dfshim.dll
2009-02-13 19:00:40 ----A---- C:\Windows\system32\mscoree.dll
2009-02-13 19:00:38 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-13 19:00:27 ----A---- C:\Windows\system32\mscorier.dll
2009-02-13 19:00:23 ----A---- C:\Windows\system32\mscories.dll
2009-02-13 18:58:01 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-02-13 18:57:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-02-13 18:57:56 ----A---- C:\Windows\system32\gdi32.dll
2009-02-13 18:57:54 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-02-13 18:57:53 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-02-13 18:57:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-02-13 18:57:51 ----A---- C:\Windows\explorer.exe
2009-02-13 18:57:48 ----A---- C:\Windows\system32\EncDec.dll
2009-02-13 18:57:45 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-13 18:57:37 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-02-13 18:57:34 ----A---- C:\Windows\system32\shell32.dll
2009-02-13 18:57:19 ----A---- C:\Windows\system32\wersvc.dll
2009-02-13 18:57:19 ----A---- C:\Windows\system32\Faultrep.dll
2009-02-13 18:53:54 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-02-13 18:53:54 ----A---- C:\Windows\system32\mf.dll
2009-02-13 18:53:53 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-02-13 18:53:53 ----A---- C:\Windows\system32\logagent.exe
2009-02-13 18:53:51 ----A---- C:\Windows\system32\connect.dll
2009-02-04 14:24:05 ----D---- C:\Users\Michele\AppData\Roaming\TaxCut
2009-02-04 14:19:22 ----D---- C:\Program Files\TaxCut08
2009-02-04 14:19:22 ----D---- C:\Program Files\PDF995
2009-02-04 14:17:21 ----D---- C:\ProgramData\TaxCut
2009-02-04 12:47:21 ----D---- C:\Program Files\Trillian
2009-01-29 19:45:16 ----A---- C:\Windows\system32\lsdelete.exe
2009-01-29 18:55:01 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-29 18:54:51 ----D---- C:\Program Files\Lavasoft
2009-01-20 12:50:31 ----D---- C:\Users\Michele\AppData\Roaming\Aim
2009-01-20 12:49:15 ----D---- C:\Program Files\AOD
2009-01-20 12:49:00 ----D---- C:\Program Files\AIM
2009-01-19 07:21:41 ----D---- C:\ProgramData\PCPitstop
2009-01-19 07:21:34 ----D---- C:\Program Files\PCPitstop

======List of files/folders modified in the last 3 months======

2009-04-17 09:24:17 ----D---- C:\Program Files\Trend Micro
2009-04-17 09:24:13 ----D---- C:\Windows\Prefetch
2009-04-17 09:24:05 ----D---- C:\Windows\Temp
2009-04-17 09:22:06 ----D---- C:\Program Files\Dl_cats
2009-04-17 00:00:18 ----SHD---- C:\System Volume Information
2009-04-16 15:50:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-16 15:30:06 ----D---- C:\Users\Michele\AppData\Roaming\Corel
2009-04-16 12:56:59 ----D---- C:\Windows\System32
2009-04-16 12:56:59 ----D---- C:\Windows\inf
2009-04-16 12:56:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-16 06:03:02 ----D---- C:\Windows\system32\wbem
2009-04-16 06:03:02 ----D---- C:\Windows\system32\manifeststore
2009-04-16 06:03:02 ----D---- C:\Windows\AppPatch
2009-04-16 06:03:02 ----D---- C:\Program Files\Internet Explorer
2009-04-16 05:44:52 ----D---- C:\Windows\winsxs
2009-04-16 05:43:15 ----D---- C:\Windows\Debug
2009-04-16 05:43:07 ----SHD---- C:\Windows\Installer
2009-04-16 05:43:06 ----D---- C:\ProgramData\Microsoft Help
2009-04-16 05:39:47 ----D---- C:\Windows\system32\catroot
2009-04-16 05:39:39 ----D---- C:\Windows\system32\catroot2
2009-04-16 05:00:46 ----RD---- C:\Program Files
2009-04-15 23:18:42 ----D---- C:\Windows
2009-04-15 22:06:36 ----D---- C:\Windows\system32\drivers
2009-04-15 22:06:16 ----D---- C:\Program Files\IrfanView
2009-04-15 21:06:39 ----D---- C:\ProgramData
2009-04-15 09:43:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-13 15:53:04 ----SD---- C:\Windows\Downloaded Program Files
2009-04-13 15:53:03 ----D---- C:\Program Files\corel
2009-04-13 15:53:03 ----D---- C:\Program Files\Common Files\Corel
2009-04-13 15:50:26 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-12 13:34:45 ----D---- C:\Users\Michele\AppData\Roaming\LimeWire
2009-04-12 12:10:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-12 12:10:38 ----D---- C:\Program Files\Common Files\Apple
2009-04-03 15:48:49 ----D---- C:\Windows\system32\Macromed
2009-03-31 20:07:10 ----D---- C:\Program Files\Mozilla Firefox
2009-03-31 19:50:43 ----D---- C:\Program Files\Common Files
2009-03-31 19:42:58 ----D---- C:\Windows\system32\Tasks
2009-03-31 19:03:39 ----D---- C:\Program Files\Java
2009-03-31 18:58:15 ----D---- C:\Program Files\Windows Mail
2009-03-22 09:10:35 ----D---- C:\ProgramData\NVIDIA
2009-03-22 09:07:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-22 08:56:49 ----D---- C:\Program Files\Windows Media Player
2009-03-15 12:10:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
2009-03-05 21:48:44 ----D---- C:\Users\Michele\AppData\Roaming\Apple Computer
2009-03-05 17:22:12 ----D---- C:\ProgramData\Symantec
2009-03-05 17:22:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-05 16:18:51 ----D---- C:\Windows\Downloaded Installations
2009-03-05 15:56:57 ----D---- C:\Windows\Tasks
2009-02-17 15:06:42 ----D---- C:\Windows\Minidump
2009-02-16 06:53:33 ----D---- C:\Users\Michele\AppData\Roaming\webex
2009-02-16 06:52:45 ----D---- C:\Windows\system32\config
2009-02-16 06:52:36 ----D---- C:\Windows\Panther
2009-02-16 06:52:35 ----D---- C:\ProgramData\Roxio
2009-02-16 06:52:35 ----D---- C:\Program Files\Dell PC Fax
2009-02-16 06:52:34 ----D---- C:\TEMP
2009-02-16 06:26:30 ----D---- C:\Windows\system32\HouseCall 6.6
2009-02-16 06:23:41 ----D---- C:\Program Files\Coupons
2009-02-16 06:15:49 ----D---- C:\Users\Michele\AppData\Roaming\Uniblue
2009-02-13 20:06:33 ----D---- C:\Windows\Microsoft.NET
2009-02-13 20:05:44 ----RSD---- C:\Windows\assembly
2009-02-13 19:51:22 ----D---- C:\Windows\rescache
2009-02-13 19:29:30 ----D---- C:\Windows\system32\en-US
2009-02-13 19:29:30 ----D---- C:\Windows\ehome
2009-02-13 19:29:25 ----D---- C:\Windows\system32\XPSViewer
2009-02-04 14:20:19 ----RSD---- C:\Windows\Fonts
2009-02-02 07:49:14 ----D---- C:\Windows\system32\Msdtc
2009-02-02 07:41:38 ----D---- C:\Windows\system32\spool
2009-02-02 07:41:35 ----D---- C:\Windows\registration
2009-01-20 12:49:16 ----D---- C:\ProgramData\Viewpoint
2009-01-20 12:36:20 ----D---- C:\Program Files\Common Files\AOL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys [2007-08-01 102664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\Windows\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 23552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 gttap1;GoTrusted TAP Adapter; C:\Windows\system32\DRIVERS\gttap1.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2007-08-23 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-03-23 129832]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-12-27 423280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

Edited by Mich73, 17 April 2009 - 08:25 AM.

  • 0

#5
Mich73
Posted 17 April 2009 - 08:25 AM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
info.txt logfile of random's system information tool 1.06 2009-04-17 09:24:19

======Uninstall list======

-->C:\Windows\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\Windows\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\Windows\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera Control Pro 2-->MsiExec.exe /X{FE96C49B-DB90-405E-A00E-09E38372F880}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Conexant D850 PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DialIdol-->MsiExec.exe /I{0DF801A5-0667-4F86-9610-B9A1BF8FF7DC}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
eMusic Download Manager 3.0-->C:\Program Files\eMusic Download Manager\uninst.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT4162009\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Fax Solutions-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe
Free CD to MP3 Converter-->C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Golden Records-->C:\Program Files\NCH Swift Sound\Golden\uninst.exe
GPL Ghostscript Lite 8.63-->"C:\Program Files\GSLITE\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Juniper Networks Network Connect 6.0.0-->"C:\Program Files\Juniper Networks\Network Connect 6.0.0\uninstall.exe"
LimeWire 5.1.2-->"C:\Users\Michele\Desktop\My eMusic\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007-->MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIANetworkDiagnostic-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EFAD4066-CAF3-4B27-9669-12EED352C376}
PCsync-->MsiExec.exe /X{F3885DDF-E711-4F14-B4C9-5CA3F07A13E9}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Radio365 2.0-->C:\PROGRA~1\Live365\Radio365\UNWISE.EXE C:\PROGRA~1\Live365\Radio365\INSTALL.LOG
RapidPlayer v5.0 ActiveX Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Safari-->MsiExec.exe /I{AF10D7E4-D29A-45DA-8050-B116097B69B5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TaxCut Premium + State + Efile 2008-->MsiExec.exe /X{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}
TaxCut Virginia 2008-->MsiExec.exe /X{D55D73C4-E4D1-4EC2-9BA9-3068AE2006D8}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall

======Security center information======

AS: Lavasoft Ad-Watch Live!
AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Michele-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 139000
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090417132137.606599-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 3095
Message: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Record Number: 139002
Source Name: NETLOGON
Time Written: 20090417132147.000000-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 139038
Source Name: Service Control Manager
Time Written: 20090417132307.000000-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 7022
Message: The Diagnostic Service Host service hung on starting.
Record Number: 139075
Source Name: Service Control Manager
Time Written: 20090417132329.000000-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 7034
Message: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
Record Number: 139077
Source Name: Service Control Manager
Time Written: 20090417132329.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Michele-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 35218
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090416031332.000000-000
Event Type: Warning
User:

Computer Name: Michele-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 35221
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090416031332.000000-000
Event Type: Warning
User:

Computer Name: Michele-PC
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3372, time stamp 0x49cbcea4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00610077, process id 0x560, application start time 0x01c9be621e9a6d8c.
Record Number: 35254
Source Name: Application Error
Time Written: 20090416074237.000000-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 1002
Message: The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 7a8 Start Time: 01c9be68b3946625 Termination Time: 0
Record Number: 35284
Source Name: Application Hang
Time Written: 20090416080109.000000-000
Event Type: Error
User:

Computer Name: Michele-PC
Event Code: 1
Message: The application (Acrobat Reader 7.*, from vendor Adobe) has the following problem: Acrobat Reader 7.* has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Adobe.
Record Number: 35303
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20090416095241.835927-000
Event Type: Warning
User: Michele-PC\Michele

=====Security event log=====

Computer Name: Michele-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 49180
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417132415.807209-000
Event Type: Audit Failure
User:

Computer Name: Michele-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 49181
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417132415.838409-000
Event Type: Audit Failure
User:

Computer Name: Michele-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 49182
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417132415.869609-000
Event Type: Audit Failure
User:

Computer Name: Michele-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 49183
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417132415.900809-000
Event Type: Audit Failure
User:

Computer Name: Michele-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 49184
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417132415.947609-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Qloud\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#6
Mich73
Posted 17 April 2009 - 08:27 AM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
And the last one.

Thanks so much for your help!

Attached Files

  • Attached File  GMER.txt   6.55KB   133 downloads

  • 0

#7
fenzodahl512
Posted 17 April 2009 - 08:35 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Open OTListIt2 then do below..

Copy/paste the following into the Costum Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:services

:files
c:\progra~2\motatuwo
C:\ProgramData\suvekesa
C:\ProgramData\fihatoye
C:\ProgramData\yasijote
C:\ProgramData\vawakoto
C:\ProgramData\gedekuye
C:\ProgramData\pogewaso
C:\ProgramData\motatuwo
C:\ProgramData\bijotozu
C:\ProgramData\mivalivo
C:\ProgramData\febudipi
C:\ProgramData\zutiguhi
C:\ProgramData\wasikaso
C:\ProgramData\kizakivu

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ec5335-50b8-4354-ba4b-02802042059d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop-up to your screen after the fix finish.. If it needs a reboot, just let it.. Post that log in your next reply...


Then run RSIT again and post the log here..
  • 0

#8
Mich73
Posted 17 April 2009 - 08:23 PM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== FILES ==========
c:\progra~2\motatuwo moved successfully.
C:\ProgramData\suvekesa moved successfully.
C:\ProgramData\fihatoye moved successfully.
C:\ProgramData\yasijote moved successfully.
C:\ProgramData\vawakoto moved successfully.
C:\ProgramData\gedekuye moved successfully.
C:\ProgramData\pogewaso moved successfully.
File/Folder C:\ProgramData\motatuwo not found.
C:\ProgramData\bijotozu moved successfully.
C:\ProgramData\mivalivo moved successfully.
C:\ProgramData\febudipi moved successfully.
C:\ProgramData\zutiguhi moved successfully.
C:\ProgramData\wasikaso moved successfully.
C:\ProgramData\kizakivu moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4ec5335-50b8-4354-ba4b-02802042059d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4ec5335-50b8-4354-ba4b-02802042059d}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\Michele\AppData\Local\Temp\etilqs_7CX4GSHLAidFL7ygiRw3 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04172009_221541

Files moved on Reboot...
File C:\Users\Michele\AppData\Local\Temp\etilqs_7CX4GSHLAidFL7ygiRw3 not found!
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\urlclassifier3.sqlite moved successfully.
C:\Users\Michele\AppData\Local\Mozilla\Firefox\Profiles\6ufdgskr.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
  • 0

#9
Mich73
Posted 17 April 2009 - 08:31 PM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Logfile of random's system information tool 1.06 (written by random/random)
Run by Michele at 2009-04-17 22:31:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 137 GB (60%) free of 228 GB
Total RAM: 1982 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:30 PM, on 4/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Michele\Downloads\RSIT.exe
C:\Program Files\trend micro\Michele.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.1021thex.com
O15 - Trusted Zone: http://www.netlibrary.com
O15 - Trusted Zone: http://www.sears.com
O15 - Trusted Zone: http://www.washfm.com
O16 - DPF: vzTCPConfig - http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file:///E:/win/setup/iaieplay.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...6/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} (Hip Digital Download Manager) - http://music.5gum.co...loadManager.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1237723815333
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1238540125445
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file:///E:/win/setup/iamce.dll
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.cust...l/java/RntX.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://flowers-vpn....SetupClient.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12687 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{38373818-AF7C-4797-B6B5-F2B48C191FAA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-20 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2007-03-16 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-20 5759816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-27 81920]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-03 312200]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-03 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-05 1830128]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-11-20 160592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-05 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
C:\Program Files\PCPitstop\Optimize2\Reminder.exe [2008-08-27 203504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Michele^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
C:\PROGRA~1\COMMON~1\Nikon\Monitor\NKMONI~1.EXE [2007-10-18 479232]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-04-17 22:15:41 ----D---- C:\_OTListIt
2009-04-17 09:53:37 ----D---- C:\ProgramData\WinZip
2009-04-17 09:53:32 ----D---- C:\Program Files\WinZip
2009-04-17 09:24:00 ----D---- C:\rsit
2009-04-16 05:43:14 ----A---- C:\Windows\system32\MRT.exe
2009-04-16 05:40:15 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 05:40:11 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 05:40:11 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 05:40:03 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 05:40:03 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 05:40:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 05:40:01 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 05:40:00 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 05:40:00 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 05:39:56 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 05:39:54 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 05:39:53 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\occache.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 05:39:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 05:39:51 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 05:39:42 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 05:39:41 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 05:39:41 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 05:00:46 ----D---- C:\Program Files\ERUNT4162009
2009-04-16 04:06:41 ----D---- C:\VundoFix Backups
2009-04-15 22:27:51 ----A---- C:\Windows\ntbtlog.txt
2009-04-15 19:49:46 ----D---- C:\Avenger
2009-04-15 19:49:46 ----A---- C:\avenger.txt
2009-04-15 19:30:14 ----D---- C:\ProgramData\Avira
2009-04-15 19:30:14 ----D---- C:\Program Files\Avira
2009-04-15 17:24:17 ----A---- C:\Rooter.txt
2009-04-15 17:23:43 ----D---- C:\Rooter$
2009-04-14 20:52:35 ----D---- C:\Program Files\DialIdol.com
2009-04-12 12:10:56 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-12 12:10:39 ----D---- C:\Program Files\iPod
2009-04-12 12:10:36 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 12:10:36 ----D---- C:\Program Files\iTunes
2009-03-31 19:57:31 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 19:56:26 ----D---- C:\Program Files\Bonjour
2009-03-31 19:55:39 ----D---- C:\Program Files\QuickTime
2009-03-31 19:50:54 ----D---- C:\Program Files\Adobe Media Player
2009-03-31 19:50:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-31 19:03:42 ----A---- C:\Windows\system32\javaws.exe
2009-03-31 19:03:42 ----A---- C:\Windows\system32\javaw.exe
2009-03-31 19:03:42 ----A---- C:\Windows\system32\java.exe
2009-03-22 08:17:10 ----A---- C:\Windows\system32\wmp.dll
2009-03-22 08:17:09 ----A---- C:\Windows\system32\spwmp.dll
2009-03-22 08:17:08 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-22 08:17:08 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-22 08:16:52 ----A---- C:\Windows\system32\schannel.dll
2009-03-21 10:37:17 ----D---- C:\Windows\ERDNT
2009-03-19 10:00:19 ----D---- C:\Program Files\AIM6
2009-03-16 13:44:55 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-03-16 13:44:37 ----D---- C:\Users\Michele\AppData\Roaming\SUPERAntiSpyware.com
2009-03-16 13:44:37 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-16 13:43:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-16 13:16:27 ----A---- C:\Windows\system32\avgrep.txt
2009-03-05 23:59:00 ----A---- C:\Windows\system32\usbaaplrc.dll
2009-03-05 21:47:53 ----D---- C:\Program Files\Safari
2009-02-24 20:37:00 ----D---- C:\Users\Michele\AppData\Roaming\DriverCure
2009-02-24 20:36:55 ----D---- C:\ProgramData\ParetoLogic
2009-02-24 20:36:55 ----D---- C:\ProgramData\DriverCure
2009-02-16 07:11:57 ----D---- C:\Users\Michele\AppData\Roaming\TuneUp Software
2009-02-16 07:11:35 ----D---- C:\ProgramData\TuneUp Software
2009-02-16 07:10:37 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-16 06:31:30 ----D---- C:\Users\Michele\AppData\Roaming\IObit
2009-02-16 06:31:29 ----D---- C:\Program Files\IObit
2009-02-16 06:14:46 ----D---- C:\Program Files\Uniblue
2009-02-13 19:13:36 ----A---- C:\Windows\system32\tzres.dll
2009-02-13 19:06:39 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\icardres.dll
2009-02-13 19:06:38 ----A---- C:\Windows\system32\icardagt.exe
2009-02-13 19:06:37 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-13 19:06:36 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-13 19:00:46 ----A---- C:\Windows\system32\dfshim.dll
2009-02-13 19:00:40 ----A---- C:\Windows\system32\mscoree.dll
2009-02-13 19:00:38 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-13 19:00:27 ----A---- C:\Windows\system32\mscorier.dll
2009-02-13 19:00:23 ----A---- C:\Windows\system32\mscories.dll
2009-02-13 18:58:01 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-02-13 18:57:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-02-13 18:57:56 ----A---- C:\Windows\system32\gdi32.dll
2009-02-13 18:57:54 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-02-13 18:57:53 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-02-13 18:57:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-02-13 18:57:51 ----A---- C:\Windows\explorer.exe
2009-02-13 18:57:48 ----A---- C:\Windows\system32\EncDec.dll
2009-02-13 18:57:45 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-13 18:57:37 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-02-13 18:57:34 ----A---- C:\Windows\system32\shell32.dll
2009-02-13 18:57:19 ----A---- C:\Windows\system32\wersvc.dll
2009-02-13 18:57:19 ----A---- C:\Windows\system32\Faultrep.dll
2009-02-13 18:53:54 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-02-13 18:53:54 ----A---- C:\Windows\system32\mf.dll
2009-02-13 18:53:53 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-02-13 18:53:53 ----A---- C:\Windows\system32\logagent.exe
2009-02-13 18:53:51 ----A---- C:\Windows\system32\connect.dll
2009-02-04 14:24:05 ----D---- C:\Users\Michele\AppData\Roaming\TaxCut
2009-02-04 14:19:22 ----D---- C:\Program Files\TaxCut08
2009-02-04 14:19:22 ----D---- C:\Program Files\PDF995
2009-02-04 14:17:21 ----D---- C:\ProgramData\TaxCut
2009-02-04 12:47:21 ----D---- C:\Program Files\Trillian
2009-01-29 19:45:16 ----A---- C:\Windows\system32\lsdelete.exe
2009-01-29 18:55:01 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-29 18:54:51 ----D---- C:\Program Files\Lavasoft
2009-01-20 12:50:31 ----D---- C:\Users\Michele\AppData\Roaming\Aim
2009-01-20 12:49:15 ----D---- C:\Program Files\AOD
2009-01-20 12:49:00 ----D---- C:\Program Files\AIM
2009-01-19 07:21:41 ----D---- C:\ProgramData\PCPitstop
2009-01-19 07:21:34 ----D---- C:\Program Files\PCPitstop

======List of files/folders modified in the last 3 months======

2009-04-17 22:31:29 ----D---- C:\Windows\Temp
2009-04-17 22:31:29 ----D---- C:\Program Files\Trend Micro
2009-04-17 22:24:47 ----D---- C:\Windows\Prefetch
2009-04-17 22:23:34 ----D---- C:\Windows\System32
2009-04-17 22:23:34 ----D---- C:\Windows\inf
2009-04-17 22:23:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-17 22:19:50 ----D---- C:\Program Files\Dl_cats
2009-04-17 22:15:42 ----D---- C:\ProgramData
2009-04-17 09:54:07 ----SHD---- C:\Windows\Installer
2009-04-17 09:53:32 ----RD---- C:\Program Files
2009-04-17 09:53:11 ----SHD---- C:\System Volume Information
2009-04-16 15:50:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-16 15:30:06 ----D---- C:\Users\Michele\AppData\Roaming\Corel
2009-04-16 06:03:02 ----D---- C:\Windows\system32\wbem
2009-04-16 06:03:02 ----D---- C:\Windows\system32\manifeststore
2009-04-16 06:03:02 ----D---- C:\Windows\AppPatch
2009-04-16 06:03:02 ----D---- C:\Program Files\Internet Explorer
2009-04-16 05:44:52 ----D---- C:\Windows\winsxs
2009-04-16 05:43:15 ----D---- C:\Windows\Debug
2009-04-16 05:43:06 ----D---- C:\ProgramData\Microsoft Help
2009-04-16 05:39:47 ----D---- C:\Windows\system32\catroot
2009-04-16 05:39:39 ----D---- C:\Windows\system32\catroot2
2009-04-15 23:18:42 ----D---- C:\Windows
2009-04-15 22:06:36 ----D---- C:\Windows\system32\drivers
2009-04-15 22:06:16 ----D---- C:\Program Files\IrfanView
2009-04-15 09:43:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-13 15:53:04 ----SD---- C:\Windows\Downloaded Program Files
2009-04-13 15:53:03 ----D---- C:\Program Files\corel
2009-04-13 15:53:03 ----D---- C:\Program Files\Common Files\Corel
2009-04-13 15:50:26 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-12 13:34:45 ----D---- C:\Users\Michele\AppData\Roaming\LimeWire
2009-04-12 12:10:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-12 12:10:38 ----D---- C:\Program Files\Common Files\Apple
2009-04-03 15:48:49 ----D---- C:\Windows\system32\Macromed
2009-03-31 20:07:10 ----D---- C:\Program Files\Mozilla Firefox
2009-03-31 19:50:43 ----D---- C:\Program Files\Common Files
2009-03-31 19:42:58 ----D---- C:\Windows\system32\Tasks
2009-03-31 19:03:39 ----D---- C:\Program Files\Java
2009-03-31 18:58:15 ----D---- C:\Program Files\Windows Mail
2009-03-22 09:10:35 ----D---- C:\ProgramData\NVIDIA
2009-03-22 09:07:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-22 08:56:49 ----D---- C:\Program Files\Windows Media Player
2009-03-15 12:10:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
2009-03-05 21:48:44 ----D---- C:\Users\Michele\AppData\Roaming\Apple Computer
2009-03-05 17:22:12 ----D---- C:\ProgramData\Symantec
2009-03-05 17:22:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-05 16:18:51 ----D---- C:\Windows\Downloaded Installations
2009-03-05 15:56:57 ----D---- C:\Windows\Tasks
2009-02-17 15:06:42 ----D---- C:\Windows\Minidump
2009-02-16 06:53:33 ----D---- C:\Users\Michele\AppData\Roaming\webex
2009-02-16 06:52:45 ----D---- C:\Windows\system32\config
2009-02-16 06:52:36 ----D---- C:\Windows\Panther
2009-02-16 06:52:35 ----D---- C:\ProgramData\Roxio
2009-02-16 06:52:35 ----D---- C:\Program Files\Dell PC Fax
2009-02-16 06:52:34 ----D---- C:\TEMP
2009-02-16 06:26:30 ----D---- C:\Windows\system32\HouseCall 6.6
2009-02-16 06:23:41 ----D---- C:\Program Files\Coupons
2009-02-16 06:15:49 ----D---- C:\Users\Michele\AppData\Roaming\Uniblue
2009-02-13 20:06:33 ----D---- C:\Windows\Microsoft.NET
2009-02-13 20:05:44 ----RSD---- C:\Windows\assembly
2009-02-13 19:51:22 ----D---- C:\Windows\rescache
2009-02-13 19:29:30 ----D---- C:\Windows\system32\en-US
2009-02-13 19:29:30 ----D---- C:\Windows\ehome
2009-02-13 19:29:25 ----D---- C:\Windows\system32\XPSViewer
2009-02-04 14:20:19 ----RSD---- C:\Windows\Fonts
2009-02-02 07:49:14 ----D---- C:\Windows\system32\Msdtc
2009-02-02 07:41:38 ----D---- C:\Windows\system32\spool
2009-02-02 07:41:35 ----D---- C:\Windows\registration
2009-01-20 12:49:16 ----D---- C:\ProgramData\Viewpoint
2009-01-20 12:36:20 ----D---- C:\Program Files\Common Files\AOL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys [2007-08-01 102664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\Windows\system32\DRIVERS\dsNcAdpt.sys [2007-12-27 23552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-15 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-03 7460320]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 gttap1;GoTrusted TAP Adapter; C:\Windows\system32\DRIVERS\gttap1.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2007-08-23 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-03-23 129832]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2007-12-27 423280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-03 118784]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S3 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------
  • 0

#10
fenzodahl512
Posted 17 April 2009 - 08:41 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :)
  • 0

Advertisements

#11
Mich73
Posted 18 April 2009 - 07:59 AM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I was running the ESET program last night that's why I hadn't posted the results yet. However, when I ran it a trojan warning popped up from Avira. The first scan showed 2 problems on ESET and I tried to find the log but its' not anywhere on my C drive even when I did a search.

I reran it twice this morning and it appears to find nothing but again I can't find the log. And it's not in my list of installed programs.

Is there another way to try to find that txt log?
  • 0

#12
fenzodahl512
Posted 18 April 2009 - 11:25 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Don't worry about that.. Just run a full scan with your own antivirus (Avira) and tell me whether Avira found any infection.. Post the Avira log if possible
  • 0

#13
Mich73
Posted 18 April 2009 - 09:39 PM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
whew...I was finally able to run Avira in safemode. My pc was running super slow, now its a bit faster to where I can pull up a webpage in under a minute. lol

Here is the log.



Avira AntiVir Personal
Report file date: Saturday, April 18, 2009 22:09

Scanning for 1356201 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Save mode
Username : Michele
Computer name : MICHELE-PC

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 16:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 16:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 00:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 4/16/2009 23:31:02
ANTIVIR3.VDF : 7.1.3.73 25088 Bytes 4/18/2009 23:35:21
Engineversion : 8.2.0.148
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 21:36:42
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 4/16/2009 00:25:32
AESCN.DLL : 8.1.1.10 127348 Bytes 4/16/2009 00:25:32
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 22:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/17/2009 23:32:00
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 00:01:56
AEHEUR.DLL : 8.1.0.119 1724791 Bytes 4/17/2009 23:32:00
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 00:01:56
AEGEN.DLL : 8.1.1.36 340341 Bytes 4/17/2009 23:31:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 18:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 4/16/2009 00:25:30
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 11:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 14:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 15:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 19:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, April 18, 2009 22:09

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'aim.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
20 processes with 20 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <RECOVERY>


End of the scan: Saturday, April 18, 2009 22:57
Used time: 47:32 Minute(s)

The scan has been done completely.

23929 Scanned directories
355100 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
355099 Files not concerned
4822 Archives were scanned
1 Warnings
1 Notes
  • 0

#14
fenzodahl512
Posted 19 April 2009 - 04:04 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#15
Mich73
Posted 20 April 2009 - 03:05 PM

Mich73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Seems to be working much better. Still a bit slow but I will read the links you provided. Thanks so much for your help. My daughter has the same mess on her pc, so hopefully these instructions will clear hers up as well. If not...I'll be back. lol
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP