Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 Error Messages When Booting Up nitekufi.dll & dinibafi.dll


  • This topic is locked This topic is locked
21 replies to this topic

#1 CarleeMay

CarleeMay

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 11 December 2008 - 09:40 AM

My son was On The computer Last night and he must of clicked on something because I have been getting pop ups like crazy even though my pop up blobker is on and my computer is running slow etc.. I did a scan with malwarebytes and it showed 16 infections...I clicked remove and it said that some of them will be removed on my next reboot. Now when I reboot I get those two messages error loading c:\WINDOWS\system32\dinibafi.dll which was identified as a Trojan BHO and Error loading C:\WINDOWS\system32\nitekufi.dll which was identified as a Trojan Agent...Both sepcified Modules could not be found. My computer is still messed up so here are the log files:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Carlee Minchin at 2008-12-11 08:23:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (14%) free of 238 GB
Total RAM: 1022 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:10 AM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Carlee Minchin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Carlee Minchin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {b50bb4ac-47b7-4a9d-b1dd-f04fc1eaedfe} - C:\WINDOWS\system32\defiwote.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carleemay7415.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...257/mcfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.11.cab?
O20 - AppInit_DLLs: C:\WINDOWS\system32\kegigena.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13002 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-12 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-12 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b50bb4ac-47b7-4a9d-b1dd-f04fc1eaedfe}]
C:\WINDOWS\system32\defiwote.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-12 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-12 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-27 8429568]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2007-03-08 49152]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16132608]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-13 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-24 17920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-02-06 478800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-23 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\kegigena.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kegigena.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe"="C:\Program Files\THQ\MX vs ATV Unleashed\MXvsATV.exe:*:Enabled:MXvsATV"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"="C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"="C:\Program Files\Alwil Software\Avast4\ashServ.exe:*:Enabled:ashServ"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:GoogleDesktop"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7beb6f7-f425-11dc-a082-001aa08fa97f}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-11 08:23:01 ----D---- C:\rsit
2008-12-06 21:12:39 ----D---- C:\WINDOWS\system32\QuickTime
2008-12-06 21:08:25 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-06 21:08:24 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-06 21:08:21 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-06 21:08:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-02 19:26:18 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-02 19:26:17 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-02 19:26:17 ----A---- C:\WINDOWS\system32\java.exe
2008-11-28 12:34:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-28 12:33:43 ----SHD---- C:\RECYCLER
2008-11-28 01:12:18 ----A---- C:\ComboFix.txt
2008-11-28 01:06:53 ----D---- C:\Combo-Fix
2008-11-27 19:02:47 ----A---- C:\Boot.bak
2008-11-27 19:02:39 ----RASHD---- C:\cmdcons
2008-11-27 19:00:58 ----A---- C:\WINDOWS\zip.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\VFIND.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\SWSC.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\SWREG.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\sed.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\grep.exe
2008-11-27 19:00:58 ----A---- C:\WINDOWS\fdsv.exe
2008-11-27 19:00:53 ----D---- C:\WINDOWS\ERDNT
2008-11-27 19:00:53 ----D---- C:\Qoobox
2008-11-26 23:53:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-26 01:25:22 ----A---- C:\WINDOWS\SIGVERIF.TXT
2008-11-25 21:20:23 ----D---- C:\WINDOWS\Prefetch
2008-11-25 21:02:43 ----SHD---- C:\Config.Msi
2008-11-25 20:53:56 ----D---- C:\WINDOWS\pss
2008-11-25 16:47:47 ----D---- C:\Program Files\Trend Micro
2008-11-25 11:15:58 ----D---- C:\SDFix
2008-11-13 00:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 00:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 00:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 09:07:14 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-11-12 09:06:36 ----D---- C:\Program Files\Microsoft Works
2008-11-12 09:05:55 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-12 09:05:10 ----D---- C:\Program Files\Microsoft.NET
2008-11-12 09:03:04 ----D---- C:\WINDOWS\SHELLNEW
2008-11-12 09:01:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 09:01:23 ----RHD---- C:\MSOCache
2008-11-12 08:50:10 ----D---- C:\Documents and Settings\Carlee Minchin\Application Data\GetRightToGo
2008-11-12 08:47:54 ----D---- C:\Program Files\Microsoft Office

======List of files/folders modified in the last 1 months======

2008-12-11 08:00:09 ----D---- C:\MDT
2008-12-11 08:00:07 ----D---- C:\WINDOWS
2008-12-11 08:00:02 ----D---- C:\WINDOWS\Temp
2008-12-11 07:59:01 ----RD---- C:\Program Files
2008-12-11 07:59:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-11 07:59:01 ----D---- C:\WINDOWS\system32
2008-12-11 07:57:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 07:57:32 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-11 01:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-10 16:24:27 ----D---- C:\Documents and Settings\Carlee Minchin\Application Data\LimeWire
2008-12-10 09:51:11 ----D---- C:\Documents and Settings\Carlee Minchin\Application Data\Corel
2008-12-08 20:09:20 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-06 21:18:17 ----D---- C:\Documents and Settings\Carlee Minchin\Application Data\DivX
2008-12-06 21:16:24 ----D---- C:\WINDOWS\system32\C2MP
2008-12-06 21:08:17 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-06 20:57:37 ----SHD---- C:\WINDOWS\Installer
2008-12-06 20:57:05 ----D---- C:\Program Files\Common Files
2008-12-06 20:57:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-03 19:44:28 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 16:25:18 ----D---- C:\Documents and Settings
2008-12-02 19:26:12 ----D---- C:\Program Files\Java
2008-11-28 01:11:10 ----A---- C:\WINDOWS\system.ini
2008-11-28 01:10:11 ----D---- C:\WINDOWS\AppPatch
2008-11-28 01:08:54 ----D---- C:\Temp
2008-11-27 19:10:20 ----SHD---- C:\WINDOWS\system32\dllcache
2008-11-27 19:05:45 ----D---- C:\WINDOWS\system32\config
2008-11-27 19:02:47 ----RASH---- C:\boot.ini
2008-11-27 00:40:19 ----A---- C:\WINDOWS\wininit.ini
2008-11-27 00:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-26 21:01:23 ----N---- C:\WINDOWS\system32\sarotehi.dll_old
2008-11-26 12:59:29 ----D---- C:\WINDOWS\system32\Restore
2008-11-26 12:50:33 ----A---- C:\WINDOWS\win.ini
2008-11-26 12:29:26 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-25 21:08:43 ----SD---- C:\WINDOWS\Tasks
2008-11-22 00:07:29 ----RSD---- C:\WINDOWS\assembly
2008-11-22 00:05:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-22 00:05:38 ----D---- C:\WINDOWS\WinSxS
2008-11-21 07:48:30 ----HD---- C:\WINDOWS\inf
2008-11-21 07:48:29 ----D---- C:\WINDOWS\Help
2008-11-16 22:32:50 ----D---- C:\Program Files\LimeWire
2008-11-13 00:02:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 00:02:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 10:02:03 ----SD---- C:\Documents and Settings\Carlee Minchin\Application Data\Microsoft
2008-11-12 09:05:30 ----RSD---- C:\WINDOWS\Fonts
2008-11-12 09:05:10 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-12 08:47:33 ----D---- C:\Program Files\MSECACHE
2008-11-12 02:09:53 ----D---- C:\Program Files\Google
2008-11-12 02:09:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-26 254872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-13 4403712]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-27 6738304]
R3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432]
R3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-30 47360]
S3 pepscsi;pepscsi; C:\WINDOWS\system32\DRIVERS\pepscsi.sys [2007-11-20 101192]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-05-25 112176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-27 163908]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-13 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-11 08:23:13

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
18 Wheels of Steel: Haulin' -->C:\Program Files\18 Wheels of Steel Haulin\uninst.exe
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Console Classix 4.05-->"C:\Program Files\ConsoleClassix.com\unins000.exe"
Corel Snapfire DVD Maker-->MsiExec.exe /X{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}
Corel Snapfire muvee autoProducer add-on-->MsiExec.exe /X{72470D12-2CCA-4324-AFF9-F1396A2168EA}
Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
FastStone Photo Resizer 2.5-->C:\Program Files\FastStone Photo Resizer\uninst.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections 12.1.8.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K-Lite Codec Pack 4.3.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Codec Pack 3.2.0-->C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mouse Suite for Desktop Computers-->C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MX vs ATV Unleashed-->MsiExec.exe /X{BBE18EBD-CD44-4C51-8BC5-577ECCCEC68F}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Scooby-Doo™, Case File #1 The Glowing Bug Man-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Scooby-Doo\Scooby-Doo™, Case File #1 The Glowing Bug Man\Uninstall.xml"
Scooby-Doo™, Case File #2 The Scary Stone Dragon-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Scooby-Doo\Scooby-Doo™, Case File #2 The Scary Stone Dragon\Uninstall.xml"
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081210-0]
FW: Norton Internet Worm Protection (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 11 December 2008 - 02:00 PM

Taking a look now back soon,

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#3 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 11 December 2008 - 03:05 PM

Hi CarleeMay,

I suspect Malwarebytes removed something nasty and now windows is looking for it. There are other infections there as well

I recommend that you uninstall Limewire via the add/remove utility in the control panel.
Please read this article By Taz at CastleCops.

I can see entries in you log for Symantec, have you discarded this or is it still in use?

Open Hijackthis, take another scan and place a checkmark next to these entries.


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {b50bb4ac-47b7-4a9d-b1dd-f04fc1eaedfe} - C:\WINDOWS\system32\defiwote.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\kegigena.dll


Close all open Windows except Hijackthis and click on "fix Checked".


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Open Hijackthis,
Click Config | Misc Tools | Open Unistall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#4 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 11 December 2008 - 08:30 PM

Ok Here The Combofix log:
ComboFix 08-12-11.04 - Carlee Minchin 2008-12-11 19:08:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.556 [GMT -6:00]
Running from: c:\documents and settings\Carlee Minchin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nowepeto.dll
c:\windows\system32\wamejawe.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

2008-12-11 08:23 . 2008-12-11 08:23 <DIR> d-------- C:\rsit
2008-12-10 09:45 . 2008-12-10 09:45 5,018 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\Media Player Classic
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\DivX
2008-12-06 21:12 . 2008-12-06 21:12 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-06 21:08 . 2004-01-25 10:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-06 21:08 . 2007-09-04 10:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-06 21:08 . 2007-07-10 10:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 21:08 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2008-12-03 16:31 . 2008-12-03 16:31 <DIR> d-------- c:\documents and settings\dominik\Application Data\FastStone
2008-12-03 16:26 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\dominik\Application Data\Roxio
2008-12-03 16:25 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\dominik\Application Data\InstallShield
2008-12-03 16:25 . 2007-10-19 20:20 <DIR> d--h----- c:\documents and settings\dominik\Application Data\GTek
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d-------- c:\documents and settings\dominik
2008-11-28 12:34 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 12:34 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-28 01:06 . 2008-11-28 01:12 <DIR> d-------- C:\Combo-Fix
2008-11-27 02:13 . 2008-12-10 17:30 4,074,306 --a------ c:\windows\pfirewall.log.old
2008-11-26 23:53 . 2008-11-26 23:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:47 . 2008-11-25 16:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 11:15 . 2008-11-25 11:21 <DIR> d-------- C:\SDFix
2008-11-25 01:02 . 2008-11-25 01:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-25 01:00 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-25 01:00 . 2007-10-19 20:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek
2008-11-25 01:00 . 2008-11-25 01:00 <DIR> d-------- c:\documents and settings\Administrator
2008-11-24 21:29 . 2008-11-24 21:29 104 --a------ c:\windows\system32\&Search.lnk
2008-11-13 07:52 . 2008-11-13 07:52 56,552 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-11-12 09:07 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-12 09:06 . 2008-11-12 09:06 <DIR> d-------- c:\program files\Microsoft Works
2008-11-12 09:05 . 2008-11-12 09:05 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-12 09:03 . 2008-11-12 09:03 <DIR> d-------- c:\windows\SHELLNEW
2008-11-12 09:01 . 2008-11-12 09:01 <DIR> dr-h----- C:\MSOCache
2008-11-12 09:01 . 2008-11-22 00:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 08:50 . 2008-11-12 09:22 <DIR> d-------- c:\documents and settings\Carlee Minchin\Application Data\GetRightToGo
2008-11-12 07:58 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:57 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 07:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-10 22:24 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\LimeWire
2008-12-10 15:51 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Corel
2008-12-07 03:18 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\DivX
2008-12-07 03:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-07 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 01:26 --------- d-----w c:\program files\Java
2008-11-27 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 04:32 --------- d-----w c:\program files\LimeWire
2008-11-12 14:47 --------- d-----w c:\program files\MSECACHE
2008-11-12 08:09 --------- d-----w c:\program files\Google
2008-11-11 17:28 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-10 23:00 --------- d-----w c:\program files\Total Video2DVD Author
2008-11-05 15:19 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Malwarebytes
2008-11-05 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-05 02:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 01:16 --------- d-----w c:\program files\DivX
2008-10-25 18:41 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Roxio
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 22:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-09-24 21:33 5,384,109 ----a-w c:\documents and settings\Carlee Minchin\Application Data\consoleclassixsetup.exe
2008-03-05 14:14 47,360 ----a-w c:\documents and settings\Carlee Minchin\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-27_19.13.14.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-06 21:22:02 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-12-06 04:52:44 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
- 2008-08-06 21:30:48 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll
+ 2008-12-06 05:01:24 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll
- 2008-08-06 21:22:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2008-12-06 04:53:24 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
- 2008-08-06 20:45:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-12-06 04:33:38 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2008-08-06 21:22:44 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-12-06 04:53:28 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2008-08-06 20:35:52 706,048 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2008-12-06 04:25:10 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
- 2008-08-06 20:35:52 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2008-12-06 04:25:12 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2008-08-06 20:35:52 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-12-06 04:25:10 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2008-08-06 20:42:04 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-12-06 04:29:48 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2008-08-06 21:21:14 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-12-06 04:52:04 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2008-08-06 21:24:14 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-12-06 04:53:58 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-12-06 05:01:06 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103471.exe
- 2008-08-06 21:24:56 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-12-06 04:51:48 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2008-08-06 21:21:04 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-12-06 04:51:46 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2008-08-06 20:35:52 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2008-12-06 04:25:10 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 1999-06-25 15:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 1999-06-25 16:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
- 2008-01-01 00:00:00 741,376 ----a-w c:\windows\system32\audxlib.dll
+ 2008-05-24 09:55:00 741,376 ----a-w c:\windows\system32\audxlib.dll
- 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2007-12-29 00:03:38 97,280 ----a-w c:\windows\system32\avs.dll
+ 2008-03-29 15:41:54 97,280 ----a-w c:\windows\system32\avs.dll
- 2007-12-29 00:03:56 102,400 ----a-w c:\windows\system32\avss.dll
+ 2008-03-29 15:42:14 102,400 ----a-w c:\windows\system32\avss.dll
- 2007-01-21 21:53:26 92,728 ----a-w c:\windows\system32\bass.dll
+ 2007-02-01 23:19:46 92,728 ----a-w c:\windows\system32\bass.dll
- 2006-05-21 18:05:38 150,520 ----a-w c:\windows\system32\bass_aac.dll
+ 2007-02-01 23:19:46 150,520 ----a-w c:\windows\system32\bass_aac.dll
- 2006-05-21 18:07:24 12,784 ----a-w c:\windows\system32\bass_alac.dll
+ 2007-02-01 23:19:46 12,784 ----a-w c:\windows\system32\bass_alac.dll
- 2006-05-21 20:03:36 33,240 ----a-w c:\windows\system32\bass_ape.dll
+ 2007-02-01 23:19:46 33,240 ----a-w c:\windows\system32\bass_ape.dll
- 2006-08-22 13:03:46 23,616 ----a-w c:\windows\system32\bass_flac.dll
+ 2007-02-01 23:19:46 23,616 ----a-w c:\windows\system32\bass_flac.dll
- 2006-05-21 17:39:12 18,888 ----a-w c:\windows\system32\bass_mpc.dll
+ 2007-02-01 23:19:46 18,888 ----a-w c:\windows\system32\bass_mpc.dll
- 2006-05-21 18:07:52 8,664 ----a-w c:\windows\system32\bass_tta.dll
+ 2007-02-01 23:19:46 8,664 ----a-w c:\windows\system32\bass_tta.dll
- 2006-05-21 18:08:08 28,088 ----a-w c:\windows\system32\bass_wv.dll
+ 2007-02-01 23:19:46 28,088 ----a-w c:\windows\system32\bass_wv.dll
+ 2008-03-21 20:29:30 479,232 ----a-w c:\windows\system32\C2MP\Microsoft.VC80.CRT\msvcm80.dll
- 2007-01-30 05:03:56 548,864 ----a-w c:\windows\system32\C2MP\Microsoft.VC80.CRT\msvcp80.dll
+ 2008-03-21 20:29:30 548,864 ----a-w c:\windows\system32\C2MP\Microsoft.VC80.CRT\msvcp80.dll
- 2007-01-30 05:03:56 626,688 ----a-w c:\windows\system32\C2MP\Microsoft.VC80.CRT\msvcr80.dll
+ 2008-03-21 20:29:30 626,688 ----a-w c:\windows\system32\C2MP\Microsoft.VC80.CRT\msvcr80.dll
- 2007-12-11 22:33:02 1,335,600 ----a-w c:\windows\system32\C2MP\npdivx32.dll
+ 2008-03-21 20:28:46 1,335,600 ----a-w c:\windows\system32\C2MP\npdivx32.dll
- 2008-01-21 12:34:28 27,126 ----a-w c:\windows\system32\C2MP\Un_Parts.exe
+ 2008-05-24 19:55:56 26,614 ----a-w c:\windows\system32\C2MP\Un_Parts.exe
- 2008-11-03 01:10:48 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-11 07:48:39 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-03 01:10:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-11 07:48:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-03 01:10:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-11 07:48:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 21:25:46 682,496 ----a-w c:\windows\system32\DivX.dll
+ 2008-03-21 20:30:12 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-03-21 20:28:54 81,920 ----a-w c:\windows\system32\dpl100.dll
+ 2008-03-21 20:28:50 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-03-21 20:28:50 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-03-21 20:28:50 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-03-21 20:28:50 57,344 ----a-w c:\windows\system32\dpv11.dll
- 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2007-12-29 00:03:38 103,424 ----a-w c:\windows\system32\dsmux.exe
+ 2008-03-29 15:42:00 103,424 ----a-w c:\windows\system32\dsmux.exe
+ 2008-03-21 20:28:54 196,608 ----a-w c:\windows\system32\dtu100.dll
- 2007-12-29 00:04:00 245,248 ----a-w c:\windows\system32\dxr.dll
+ 2008-03-29 15:42:22 245,248 ----a-w c:\windows\system32\dxr.dll
- 2008-01-20 21:26:46 204,800 ----a-w c:\windows\system32\ff_kernelDeint.dll
+ 2008-05-24 09:55:00 204,800 ----a-w c:\windows\system32\ff_kernelDeint.dll
- 2008-01-20 21:21:04 40,960 ----a-w c:\windows\system32\ff_liba52.dll
+ 2008-05-24 09:55:00 40,448 ----a-w c:\windows\system32\ff_liba52.dll
- 2008-01-20 21:21:04 155,648 ----a-w c:\windows\system32\ff_libdts.dll
+ 2008-05-24 09:55:00 147,456 ----a-w c:\windows\system32\ff_libdts.dll
- 2008-01-20 21:21:04 245,760 ----a-w c:\windows\system32\ff_libfaad2.dll
+ 2008-05-24 09:55:00 211,968 ----a-w c:\windows\system32\ff_libfaad2.dll
- 2008-01-20 21:21:04 118,784 ----a-w c:\windows\system32\ff_libmad.dll
+ 2008-05-24 09:55:00 99,840 ----a-w c:\windows\system32\ff_libmad.dll
- 2008-01-20 21:21:04 97,280 ----a-w c:\windows\system32\ff_realaac.dll
+ 2008-05-24 09:55:00 114,688 ----a-w c:\windows\system32\ff_realaac.dll
- 2008-01-20 21:21:04 122,880 ----a-w c:\windows\system32\ff_samplerate.dll
+ 2008-05-24 09:55:00 113,152 ----a-w c:\windows\system32\ff_samplerate.dll
- 2008-01-20 21:21:04 143,360 ----a-w c:\windows\system32\ff_theora.dll
+ 2008-05-24 09:55:00 143,360 ----a-w c:\windows\system32\ff_theora.dll
- 2008-01-20 21:21:04 81,408 ----a-w c:\windows\system32\ff_tremor.dll
+ 2008-05-24 09:55:00 115,200 ----a-w c:\windows\system32\ff_tremor.dll
- 2008-01-20 21:21:04 38,400 ----a-w c:\windows\system32\ff_unrar.dll
+ 2008-05-24 09:55:00 38,400 ----a-w c:\windows\system32\ff_unrar.dll
- 2008-01-20 21:07:00 7,680 ----a-w c:\windows\system32\ff_vfw.dll
+ 2008-05-24 09:55:00 7,680 ----a-w c:\windows\system32\ff_vfw.dll
- 2008-01-20 21:21:04 26,624 ----a-w c:\windows\system32\ff_wmv9.dll
+ 2008-05-24 09:55:00 23,552 ----a-w c:\windows\system32\ff_wmv9.dll
- 2008-01-20 21:21:04 507,392 ----a-w c:\windows\system32\ff_x264.dll
+ 2008-05-24 09:55:00 692,224 ----a-w c:\windows\system32\ff_x264.dll
- 2007-12-29 00:03:48 335,872 ----a-w c:\windows\system32\gdsmux.exe
+ 2008-03-29 15:42:02 335,872 ----a-w c:\windows\system32\gdsmux.exe
- 2008-06-10 06:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-10 11:43:37 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 06:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-10 11:43:38 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 07:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-10 11:43:39 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-01-20 21:21:06 3,109,376 ----a-w c:\windows\system32\libavcodec.dll
+ 2008-05-24 09:55:00 3,614,208 ----a-w c:\windows\system32\libavcodec.dll
+ 2008-03-21 20:30:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll
- 2008-01-20 21:21:04 114,688 ----a-w c:\windows\system32\libmpeg2_ff.dll
+ 2008-05-24 09:55:00 114,688 ----a-w c:\windows\system32\libmpeg2_ff.dll
- 2008-01-20 21:26:14 405,504 ----a-w c:\windows\system32\libmplayer.dll
+ 2008-05-24 09:55:00 455,680 ----a-w c:\windows\system32\libmplayer.dll
- 2007-12-29 00:03:38 135,168 ----a-w c:\windows\system32\mkv2vfr.exe
+ 2008-03-29 15:41:54 135,168 ----a-w c:\windows\system32\mkv2vfr.exe
- 2007-12-29 00:03:46 141,312 ----a-w c:\windows\system32\mp4.dll
+ 2008-03-29 15:42:04 141,312 ----a-w c:\windows\system32\mp4.dll
- 2007-12-29 00:03:40 120,832 ----a-w c:\windows\system32\ogm.dll
+ 2008-03-29 15:42:02 120,832 ----a-w c:\windows\system32\ogm.dll
+ 2008-05-24 09:55:00 60,273 ----a-w c:\windows\system32\pthreadGC2.dll
+ 2008-03-21 20:30:08 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-03-21 20:30:00 200,704 ----a-w c:\windows\system32\ssldivx.dll
- 2008-01-20 21:26:46 204,800 ----a-w c:\windows\system32\TomsMoComp_ff.dll
+ 2008-05-24 09:55:00 204,800 ----a-w c:\windows\system32\TomsMoComp_ff.dll
- 2007-12-29 00:03:48 163,840 ----a-w c:\windows\system32\ts.dll
+ 2008-03-29 15:42:00 163,840 ----a-w c:\windows\system32\ts.dll
- 2008-01-20 21:21:06 662,016 ----a-w c:\windows\system32\xvidcore.dll
+ 2008-05-24 09:55:00 711,168 ----a-w c:\windows\system32\xvidcore.dll
+ 2008-12-12 01:14:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4b4.dat
+ 2008-12-12 01:14:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-13 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 PEP_HKA;PEP_HKA;c:\windows\system32\Drivers\PEP_HKA.SYS [2008-01-23 15040]
R0 pepbus;pepbus;c:\windows\system32\DRIVERS\pepbus.sys [2008-01-23 16624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-06 20560]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-11-08 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-11-08 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-19 29744]
S3 pepscsi;pepscsi;c:\windows\system32\DRIVERS\pepscsi.sys [2008-01-23 101192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7beb6f7-f425-11dc-a082-001aa08fa97f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 19:14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-12-11 19:22:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 01:21:11
ComboFix2.txt 2008-11-28 07:12:18
ComboFix3.txt 2008-11-28 01:14:36

Pre-Run: 36,975,423,488 bytes free
Post-Run: 37,203,501,056 bytes free

356 --- E O F --- 2008-11-22 06:08:45


THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:17 PM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carleemay7415.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...257/mcfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.11.cab?
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12728 bytes


The Other Uninstall List:

18 Wheels of Steel: Haulin'
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Reader 7.1.0
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Apple Software Update
avast! Antivirus
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Console Classix 4.05
Corel Snapfire DVD Maker
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center (Support Software)
DellSupport
FastStone Photo Resizer 2.5
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Grand Theft Auto Vice City
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Connections 12.1.8.0
Java™ 6 Update 11
K-Lite Codec Pack 4.3.4 (Full)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mouse Suite for Desktop Computers
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MX vs ATV Unleashed
NVIDIA Drivers
PowerDVD
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Scooby-Doo™, Case File #1 The Glowing Bug Man
Scooby-Doo™, Case File #2 The Scary Stone Dragon
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Activation Module
Spybot - Search & Destroy
Uninstall 1.0.0.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

So I shouldn't use Limewire anymore? Is there a safe site I Can go to for music?

#5 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 12 December 2008 - 04:12 AM

Hi Carleemay,

Download CCleaner from here to clean temp files from your computer.
Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location.
Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
Click Run Cleaner to run the program.
Caution: Uncheck the 'Issues' tab as it's not necessary for the purpose of this fix.
After it has completed it's process, click Exit.

Now run Malwarebytes and post the report.

I need your feed back in relation to this question.

I can see entries in you log for Symantec, have you discarded this or is it still in use?

It is a bad idea to have two anti-virus programmes running as it causes conflicts. Is this the case here and if so which one do you want removed?

So I shouldn't use Limewire anymore? Is there a safe site I Can go to for music?

I can't advise you on this as I'm not into music downloads, all I know is that P2P file sharing is a major cause of malware distribution. I understand there are legal music download sites out there but you have to pay.

These Directories are left over after the Limewire removal, make sure you have nothing important in them and let me know if its safe to delete them in your next post please.

c:\documents and settings\Carlee Minchin\Application Data\LimeWire
c:\program files\LimeWire

How is the Computer now, are the issues resolved?

I strongly recommend adding the following additional protections:

MacAffee Site advisor.
http://www.siteadvisor.com/
This is to protect you from bad Internet sites.

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
This is to protect you from bad active X infections.

Other securities seem fine apart from the anti-virus issue I mentioned above which needs urgent attention.

Post the following:
  • The Malwarebytes log.
  • The requested information.
  • Another Uninstall list.

This may not remove all the infections present. It is important that you post back and complete the fix.

Please post in this thread for further review and evaluation.
Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#6 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 15 December 2008 - 01:15 AM

Ok now I'm not sure on what is happening...My computer freezes when I reboot...when I actually sign into my account it gives me a warning that my firewall isnt on...so I turned it on and Now when I go to google and go to some sites in my favorites I get a page saying they cannot find the site..everything I google comes up but when i click on the link it couldnt find it...I tried to get onto bleeping computers and it said they could not find it so I log into my sons account and I am able to now get onto here but malwarebytes isnt working...when I double click on it I get nothing....So what should I do? I deleted Limewire and earlier today it said I had a virus from Limewire which I moved to chest...I have no clue on what to do now

#7 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 15 December 2008 - 05:27 AM

Hi Carleemay,

And I thought we were making some good progress lol.

Did you follow and complete my instructions?

How many user accounts on this computer.? Please post full details.

Run Combofix again
  • :
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

We need to see some additional information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Also post the full computer Speck.

Thank you.

Joe.

Edited by Joe - London, 17 December 2008 - 01:22 PM.

If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#8 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 15 December 2008 - 04:56 PM

Wow Ok after a whole morning of trying to get on here I finally did a scan in safemode with advast and the computer is now allowing me on here
I don't know what you mean about symantec? I use advast as a virus scanner etc. So if it is on my computer I didnt know lol
Here is my combofix log:

ComboFix 08-12-11.04 - Carlee Minchin 2008-12-15 15:36:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.655 [GMT -6:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-14 13:49 . 2008-12-15 10:51 2,710 --a------ c:\windows\system32\TDSSlxwp.dll
2008-12-11 08:23 . 2008-12-11 08:23 <DIR> d-------- C:\rsit
2008-12-10 09:45 . 2008-12-13 23:09 5,018 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\Media Player Classic
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\DivX
2008-12-06 21:12 . 2008-12-06 21:12 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-06 21:08 . 2004-01-25 10:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-06 21:08 . 2007-09-04 10:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-06 21:08 . 2007-07-10 10:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 21:08 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2008-12-03 16:31 . 2008-12-03 16:31 <DIR> d-------- c:\documents and settings\dominik\Application Data\FastStone
2008-12-03 16:26 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\dominik\Application Data\Roxio
2008-12-03 16:25 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\dominik\Application Data\InstallShield
2008-12-03 16:25 . 2007-10-19 20:20 <DIR> d--h----- c:\documents and settings\dominik\Application Data\GTek
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d-------- c:\documents and settings\dominik
2008-11-28 12:34 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 12:34 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-28 01:06 . 2008-11-28 01:12 <DIR> d-------- C:\Combo-Fix
2008-11-27 02:13 . 2008-12-10 17:30 4,074,306 --a------ c:\windows\pfirewall.log.old
2008-11-26 23:53 . 2008-11-26 23:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:47 . 2008-11-25 16:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 11:15 . 2008-11-25 11:21 <DIR> d-------- C:\SDFix
2008-11-25 01:02 . 2008-11-25 01:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-25 01:00 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-25 01:00 . 2007-10-19 20:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek
2008-11-25 01:00 . 2008-11-25 01:00 <DIR> d-------- c:\documents and settings\Administrator
2008-11-24 21:29 . 2008-11-24 21:29 104 --a------ c:\windows\system32\&Search.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 05:58 --------- d-----w c:\program files\Google
2008-12-15 05:57 --------- d-----w c:\program files\Lavasoft
2008-12-14 05:22 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Corel
2008-12-12 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 22:24 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\LimeWire
2008-12-07 03:18 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\DivX
2008-12-07 03:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-07 02:57 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 01:26 --------- d-----w c:\program files\Java
2008-11-12 15:22 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\GetRightToGo
2008-11-12 15:06 --------- d-----w c:\program files\Microsoft Works
2008-11-12 15:05 --------- d-----w c:\program files\Microsoft.NET
2008-11-12 14:47 --------- d-----w c:\program files\MSECACHE
2008-11-10 23:00 --------- d-----w c:\program files\Total Video2DVD Author
2008-11-05 15:19 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Malwarebytes
2008-11-05 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-05 02:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 01:16 --------- d-----w c:\program files\DivX
2008-10-25 18:41 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Roxio
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 08:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 21:33 5,384,109 ----a-w c:\documents and settings\Carlee Minchin\Application Data\consoleclassixsetup.exe
2008-09-23 23:46 245,408 ----a-w c:\windows\system32\unicows.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\PxAFS.DLL
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-03-05 14:14 47,360 ----a-w c:\documents and settings\Carlee Minchin\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-11_19.19.47.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-11-22 06:02:30 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-12 06:25:19 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-11-22 06:06:41 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-12 06:25:00 20,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-22 06:06:40 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-12 06:24:59 184,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-22 06:06:41 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-12 06:25:00 217,864 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-22 06:06:41 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-12 06:25:01 18,704 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-22 06:06:41 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-12 06:25:01 35,088 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-22 06:06:40 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-12 06:25:00 922,384 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-22 06:06:41 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-12 06:25:01 888,080 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-22 06:06:40 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-12 06:24:59 1,172,240 ----a-r c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-12-11 07:48:39 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 16:50:42 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-11 07:48:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 16:50:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-11 07:48:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 16:50:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 02:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-12-09 21:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 08:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 03:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 03:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-15 21:35:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3fc.dat
+ 2008-12-15 21:35:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_588.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 PEP_HKA;PEP_HKA;c:\windows\system32\Drivers\PEP_HKA.SYS [2008-01-23 15040]
R0 pepbus;pepbus;c:\windows\system32\DRIVERS\pepbus.sys [2008-01-23 16624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-11-08 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-11-08 14336]
S3 pepscsi;pepscsi;c:\windows\system32\DRIVERS\pepscsi.sys [2008-01-23 101192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7beb6f7-f425-11dc-a082-001aa08fa97f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
FF - ProfilePath - c:\documents and settings\Carlee Minchin\Application Data\Mozilla\Firefox\Profiles\wrsedgr1.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:39:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
.
Completion time: 2008-12-15 15:40:39
ComboFix-quarantined-files.txt 2008-12-15 21:40:21
ComboFix2.txt 2008-12-12 01:22:01
ComboFix3.txt 2008-11-28 07:12:18
ComboFix4.txt 2008-11-28 01:14:36

Pre-Run: 28,370,890,752 bytes free
Post-Run: 28,726,419,456 bytes free

384 --- E O F --- 2008-12-12 06:25:20


The 2 Other Logs You ReQuested


DDS (Version 1.0.1) - NTFSx86
Run by Carlee Minchin at 15:46:00.67 on 15/12/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.639 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Carlee Minchin\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PMX Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 PEP_HKA;PEP_HKA;c:\windows\system32\drivers\PEP_HKA.SYS [2008-1-23 15040]
R0 pepbus;pepbus;c:\windows\system32\drivers\pepbus.sys [2008-1-23 16624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-15 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-12-15 155160]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-12-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-12-15 352920]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-11-8 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-11-8 14336]
S3 pepscsi;pepscsi;c:\windows\system32\drivers\pepscsi.sys [2008-1-23 101192]

=============== Created Last 30 ================

2008-12-15 15:32 <DIR> --d----- C:\ComboFix
2008-12-14 13:49 2,710 a------- c:\windows\system32\TDSSlxwp.dll
2008-12-10 09:45 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-12-06 21:12 <DIR> --d----- c:\windows\system32\QuickTime
2008-12-06 21:08 164,352 a------- c:\windows\system32\unrar.dll
2008-12-06 21:08 38 a------- c:\windows\avisplitter.ini
2008-12-06 21:08 217,088 a------- c:\windows\system32\yv12vfw.dll
2008-12-06 21:08 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-11-28 12:34 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-28 12:34 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-28 01:06 <DIR> --d----- C:\Combo-Fix
2008-11-27 19:02 <DIR> a-dshr-- C:\cmdcons
2008-11-27 19:00 161,792 a------- c:\windows\SWREG.exe
2008-11-27 19:00 98,816 a------- c:\windows\sed.exe
2008-11-27 02:13 4,074,306 a------- c:\windows\pfirewall.log.old
2008-11-26 23:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-25 20:53 <DIR> --d----- c:\windows\pss
2008-11-25 16:47 <DIR> --d----- c:\program files\Trend Micro
2008-11-25 11:15 <DIR> --d----- C:\SDFix
2008-11-24 21:29 104 a------- c:\windows\system32\&Search.lnk

==================== Find3M ====================

2008-11-13 07:52 56,552 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-10-24 05:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-17 02:08 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 07:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 04:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-24 15:33 5,384,109 a------- c:\docume~1\carlee~1\applic~1\consoleclassixsetup.exe
2008-09-23 17:46 245,408 a------- c:\windows\system32\unicows.dll
2008-09-20 13:39 78,407 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-03-05 08:14 47,360 a------- c:\docume~1\carlee~1\applic~1\pcouffin.sys

============= FINISH: 15:46:10.67 ===============


#2


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 08/11/2007 8:01:11 PM
System Uptime: 15/12/2008 3:34:36 PM (0 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | Socket 775 | 1596/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 26.767 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP354: 15/09/2008 5:38:58 PM - System Checkpoint
RP355: 16/09/2008 7:14:19 PM - System Checkpoint
RP356: 18/09/2008 12:00:19 AM - System Checkpoint
RP357: 18/09/2008 7:23:17 PM - Removed Apple Mobile Device Support
RP358: 18/09/2008 7:24:19 PM - Removed Apple Software Update
RP359: 18/09/2008 7:25:55 PM - Removed QuickTime
RP360: 18/09/2008 7:27:44 PM - Removed PurePlay Poker.
RP361: 18/09/2008 7:28:48 PM - Removed Trivia Mania
RP362: 19/09/2008 6:18:20 PM - Installed iTunes
RP363: 20/09/2008 2:19:09 PM - Software Distribution Service 3.0
RP364: 21/09/2008 6:14:21 PM - System Checkpoint
RP365: 22/09/2008 3:00:22 AM - Software Distribution Service 3.0
RP366: 23/09/2008 4:05:44 AM - System Checkpoint
RP367: 24/09/2008 7:19:29 AM - System Checkpoint
RP368: 25/09/2008 11:46:35 AM - System Checkpoint
RP369: 26/09/2008 3:01:03 PM - System Checkpoint
RP370: 27/09/2008 11:48:04 PM - System Checkpoint
RP371: 28/09/2008 4:59:20 PM - Shockwave Player
RP372: 29/09/2008 6:11:14 PM - System Checkpoint
RP373: 01/10/2008 12:23:42 AM - System Checkpoint
RP374: 01/10/2008 10:39:32 AM - Removed iTunes
RP375: 02/10/2008 12:36:22 PM - System Checkpoint
RP376: 03/10/2008 2:32:52 PM - System Checkpoint
RP377: 04/10/2008 2:34:00 PM - System Checkpoint
RP378: 05/10/2008 6:38:17 PM - System Checkpoint
RP379: 06/10/2008 8:15:51 PM - System Checkpoint
RP380: 08/10/2008 1:37:14 AM - System Checkpoint
RP381: 09/10/2008 4:10:59 AM - System Checkpoint
RP382: 10/10/2008 8:00:02 AM - System Checkpoint
RP383: 11/10/2008 10:45:44 AM - System Checkpoint
RP384: 12/10/2008 3:00:09 PM - System Checkpoint
RP385: 13/10/2008 6:51:22 PM - System Checkpoint
RP386: 14/10/2008 3:00:26 AM - Software Distribution Service 3.0
RP387: 15/10/2008 7:02:06 AM - System Checkpoint
RP388: 16/10/2008 10:36:10 AM - System Checkpoint
RP389: 18/10/2008 6:41:44 PM - System Checkpoint
RP390: 19/10/2008 8:18:05 PM - System Checkpoint
RP391: 20/10/2008 9:12:12 PM - System Checkpoint
RP392: 22/10/2008 12:47:19 AM - System Checkpoint
RP393: 23/10/2008 3:13:01 AM - System Checkpoint
RP394: 24/10/2008 3:00:20 AM - Software Distribution Service 3.0
RP395: 25/10/2008 12:46:16 PM - System Checkpoint
RP396: 25/10/2008 1:34:48 PM - Installed Napster
RP397: 25/10/2008 1:35:22 PM - Installed Napster Burn Engine
RP398: 26/10/2008 3:40:17 PM - System Checkpoint
RP399: 27/10/2008 3:44:13 PM - System Checkpoint
RP400: 28/10/2008 3:45:19 PM - System Checkpoint
RP401: 29/10/2008 5:34:18 PM - System Checkpoint
RP402: 31/10/2008 1:11:23 AM - System Checkpoint
RP403: 01/11/2008 1:11:45 AM - System Checkpoint
RP404: 02/11/2008 1:23:25 AM - System Checkpoint
RP405: 03/11/2008 5:04:00 AM - System Checkpoint
RP406: 03/11/2008 7:03:47 PM - Removed Apple Mobile Device Support
RP407: 04/11/2008 9:47:22 PM - Removed Napster
RP408: 04/11/2008 9:47:53 PM - Removed Napster Burn Engine
RP409: 04/11/2008 10:01:59 PM - Removed muvee autoProducer 5.0
RP410: 05/11/2008 9:53:05 AM - Installed Windows Internet Explorer 8.
RP411: 05/11/2008 4:31:41 PM - Software Distribution Service 3.0
RP412: 06/11/2008 9:27:24 PM - System Checkpoint
RP413: 07/11/2008 11:48:18 PM - System Checkpoint
RP414: 09/11/2008 2:37:23 AM - System Checkpoint
RP415: 10/11/2008 4:10:12 AM - System Checkpoint
RP416: 11/11/2008 3:05:55 PM - System Checkpoint
RP417: 12/11/2008 8:47:48 AM - Installed Compatibility Pack for the 2007 Office system
RP418: 12/11/2008 9:01:22 AM - Installed Microsoft Office Home and Student 2007
RP419: 12/11/2008 9:07:12 AM - Printer Driver Send To Microsoft OneNote Driver Installed
RP420: 12/11/2008 9:24:13 AM - Configured Microsoft Office Home and Student 2007
RP421: 13/11/2008 12:00:19 AM - Software Distribution Service 3.0
RP422: 14/11/2008 3:54:31 AM - System Checkpoint
RP423: 15/11/2008 7:48:49 AM - System Checkpoint
RP424: 16/11/2008 12:02:58 PM - System Checkpoint
RP425: 17/11/2008 12:22:41 PM - System Checkpoint
RP426: 18/11/2008 4:01:44 PM - System Checkpoint
RP427: 19/11/2008 4:08:01 PM - System Checkpoint
RP428: 20/11/2008 10:44:03 PM - System Checkpoint
RP429: 22/11/2008 12:02:05 AM - Software Distribution Service 3.0
RP430: 23/11/2008 1:57:43 PM - System Checkpoint
RP431: 24/11/2008 4:05:09 PM - System Checkpoint
RP432: 25/11/2008 6:12:27 PM - System Checkpoint
RP433: 25/11/2008 8:57:50 PM - Installed AdwareAlert
RP434: 25/11/2008 9:02:40 PM - Removed AdwareAlert
RP435: 26/11/2008 1:02:25 PM - Restore Operation
RP436: 27/11/2008 1:46:03 PM - System Checkpoint
RP437: 27/11/2008 7:01:25 PM - ComboFix created restore point
RP438: 28/11/2008 1:07:29 AM - ComboFix created restore point
RP439: 28/11/2008 12:24:49 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP440: 28/11/2008 12:25:33 PM - Removed Java™ 6 Update 3
RP441: 28/11/2008 12:26:15 PM - Removed Java™ 6 Update 5
RP442: 28/11/2008 12:27:04 PM - Removed Java™ 6 Update 7
RP443: 28/11/2008 12:34:19 PM - Installed Java™ 6 Update 10
RP444: 29/11/2008 1:45:08 PM - System Checkpoint
RP445: 30/11/2008 3:42:12 PM - System Checkpoint
RP446: 01/12/2008 5:24:11 PM - System Checkpoint
RP447: 02/12/2008 7:25:31 PM - Installed Java™ 6 Update 11
RP448: 03/12/2008 9:45:43 PM - System Checkpoint
RP449: 05/12/2008 1:12:01 AM - System Checkpoint
RP450: 06/12/2008 2:39:46 AM - System Checkpoint
RP451: 06/12/2008 8:56:46 PM - Removed QuickTime
RP452: 07/12/2008 9:18:35 PM - System Checkpoint
RP453: 09/12/2008 2:12:17 AM - System Checkpoint
RP454: 09/12/2008 11:32:41 AM - Shockwave Player
RP455: 10/12/2008 12:36:09 PM - System Checkpoint
RP456: 11/12/2008 12:38:02 PM - System Checkpoint
RP457: 11/12/2008 7:07:26 PM - ComboFix created restore point
RP458: 12/12/2008 12:00:47 AM - Software Distribution Service 3.0
RP459: 13/12/2008 12:07:55 AM - System Checkpoint
RP460: 14/12/2008 1:28:42 AM - System Checkpoint
RP461: 15/12/2008 12:31:24 PM - System Checkpoint

==== Installed Programs ======================

18 Wheels of Steel: Haulin'
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Reader 7.1.0
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Apple Software Update
avast! Antivirus
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Console Classix 4.05
Corel Snapfire DVD Maker
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center (Support Software)
DellSupport
FastStone Photo Resizer 2.5
Google Earth
Grand Theft Auto Vice City
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Connections 12.1.8.0
Java™ 6 Update 11
K-Lite Codec Pack 4.3.4 (Full)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MX vs ATV Unleashed
NVIDIA Drivers
PowerDVD
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Scooby-Doo™, Case File #1 The Glowing Bug Man
Scooby-Doo™, Case File #2 The Scary Stone Dragon
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Activation Module
Spybot - Search & Destroy
Uninstall 1.0.0.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages ===================

14/12/2008 11:57:48 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
15/12/2008 10:51:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/12/2008 10:52:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm
15/12/2008 10:54:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
15/12/2008 3:40:41 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TDSSSERV.SYS\0000 disappeared from the system without first being prepared for removal.

==== End Of File ===========================


I have stopped using Limewire all together but for some reason the other day It said I had a viru from it so I'm not sure...Thank you for helping me with this...I called my internet provider when I couldnt get onto here and all they said was it seems like you have a virus lol like I didnt know that already. Should I be deleting anything else like spybot or hijackthis? I deleted Malwarebytes so I could reinstall it but it wouldn't let me....

#9 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 15 December 2008 - 07:58 PM

Hi Carleemay,

Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

I can't see any reference to Limewire in your programmes but it's still present on your hard drive and the registry. Do you want these entries removed? Make sure you have no important music files etc inside these Directories. Post your instructions on this please.

Should I be deleting anything else like spybot or hijackthis?

Please don't make any system changes during the fix except as we agree.

I deleted Malwarebytes so I could reinstall it but it wouldn't let me....

Did you uninstall it via the add/remove utility in the control panel? Its still there so try that first.
Let me know how you got on and we'll try installing it next time. Do this before proceeding to the next step.

Combofix run:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad*

Copy and paste all the text in the quotebox below into it:


KillAll::

File::
c:\windows\system32\TDSSlxwp.dll
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll

Folder::
c:\documents and settings\Administrator\Application Data\Malwarebytes

ADS::
C:\windows\system32

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"=-


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Posted Image

If the image isn't visible Click Here to view.

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This reactivates Combofix. Again follow the prompts.

It will create another System restore point.

When finished, it shall produce a log for you at C:\ComboFix.txt

Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Be sure to include a new HJT log n your next reply.

Also post an Uninstall list for me. Heres how:

Open Hijackthis,
Click Config | Misc Tools | Open Unistall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents in your next reply.


Joe.

Edited by Joe - London, 17 December 2008 - 01:25 PM.

If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#10 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 15 December 2008 - 09:23 PM

Thats fine...I can only imagine how many of us are asking for your help ...
Yes I do want Limewire Entries removed Please
I have been succesful at downloading malwarebytes again and it works
Here are all the Logs:

ComboFix 08-12-11.04 - Carlee Minchin 2008-12-15 20:00:22.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.494 [GMT -6:00]
Running from: c:\documents and settings\Carlee Minchin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carlee Minchin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\TDSSlxwp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Malwarebytes
c:\documents and settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2008-11-25 (01-26-39).txt
c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\TDSSlxwp.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-15 19:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:16 . 2008-12-15 19:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 19:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 19:13 . 2008-12-15 19:13 <DIR> d-------- c:\program files\Bonjour
2008-12-15 19:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-15 19:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-15 19:10 . 2008-12-15 19:11 <DIR> d-------- c:\program files\iTunes
2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\program files\iPod
2008-12-15 19:10 . 2008-12-15 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 19:09 . 2008-12-15 19:10 <DIR> d-------- c:\program files\QuickTime
2008-12-15 19:03 . 2008-12-15 19:10 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 08:23 . 2008-12-11 08:23 <DIR> d-------- C:\rsit
2008-12-10 09:45 . 2008-12-15 18:51 5,018 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\Media Player Classic
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\DivX
2008-12-06 21:08 . 2004-01-25 10:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-06 21:08 . 2007-09-04 10:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-06 21:08 . 2007-07-10 10:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 21:08 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2008-12-03 16:31 . 2008-12-03 16:31 <DIR> d-------- c:\documents and settings\dominik\Application Data\FastStone
2008-12-03 16:26 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\dominik\Application Data\Roxio
2008-12-03 16:25 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\dominik\Application Data\InstallShield
2008-12-03 16:25 . 2007-10-19 20:20 <DIR> d--h----- c:\documents and settings\dominik\Application Data\GTek
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d-------- c:\documents and settings\dominik
2008-11-28 12:34 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 12:34 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-28 01:06 . 2008-11-28 01:12 <DIR> d-------- C:\Combo-Fix
2008-11-27 02:13 . 2008-12-10 17:30 4,074,306 --a------ c:\windows\pfirewall.log.old
2008-11-26 23:53 . 2008-11-26 23:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:47 . 2008-11-25 16:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 11:15 . 2008-11-25 11:21 <DIR> d-------- C:\SDFix
2008-11-25 01:00 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-25 01:00 . 2007-10-19 20:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek
2008-11-25 01:00 . 2008-11-25 01:00 <DIR> d-------- c:\documents and settings\Administrator
2008-11-24 21:29 . 2008-11-24 21:29 104 --a------ c:\windows\system32\&Search.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 01:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-16 00:57 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Corel
2008-12-15 21:57 --------- d-----w c:\program files\Google
2008-12-15 05:57 --------- d-----w c:\program files\Lavasoft
2008-12-12 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 22:24 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\LimeWire
2008-12-07 03:18 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\DivX
2008-12-07 03:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-03 01:26 --------- d-----w c:\program files\Java
2008-11-12 15:22 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\GetRightToGo
2008-11-12 15:06 --------- d-----w c:\program files\Microsoft Works
2008-11-12 15:05 --------- d-----w c:\program files\Microsoft.NET
2008-11-12 14:47 --------- d-----w c:\program files\MSECACHE
2008-11-10 23:00 --------- d-----w c:\program files\Total Video2DVD Author
2008-11-05 15:19 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Malwarebytes
2008-11-05 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-05 02:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 01:16 --------- d-----w c:\program files\DivX
2008-10-25 18:41 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Roxio
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-24 21:33 5,384,109 ----a-w c:\documents and settings\Carlee Minchin\Application Data\consoleclassixsetup.exe
2008-03-05 14:14 47,360 ----a-w c:\documents and settings\Carlee Minchin\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-15_15.40.01.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-16 01:13:19 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2008-12-16 01:11:34 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-04-17 19:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 19:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 20:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2008-12-16 02:05:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2008-12-16 02:05:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PEP_HKA;PEP_HKA;c:\windows\system32\Drivers\PEP_HKA.SYS [2008-01-23 15040]
R0 pepbus;pepbus;c:\windows\system32\DRIVERS\pepbus.sys [2008-01-23 16624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-11-08 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-11-08 14336]
S3 pepscsi;pepscsi;c:\windows\system32\DRIVERS\pepscsi.sys [2008-01-23 101192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7beb6f7-f425-11dc-a082-001aa08fa97f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
FF - ProfilePath - c:\documents and settings\Carlee Minchin\Application Data\Mozilla\Firefox\Profiles\wrsedgr1.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:06:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-15 20:10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 02:10:39
ComboFix2.txt 2008-12-15 21:40:40
ComboFix3.txt 2008-12-12 01:22:01
ComboFix4.txt 2008-11-28 07:12:18
ComboFix5.txt 2008-12-16 01:59:34

Pre-Run: 28,246,929,408 bytes free
Post-Run: 28,259,213,312 bytes free

210 --- E O F --- 2008-12-12 06:25:20

HIGHJACKTHIS:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:28 PM, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carleemay7415.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...257/mcfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.11.cab?
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11989 bytes


UNINSTALL LIST:

18 Wheels of Steel: Haulin'
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Reader 7.1.0
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Console Classix 4.05
Corel Snapfire DVD Maker
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center (Support Software)
DellSupport
FastStone Photo Resizer 2.5
Google Earth
Google Toolbar for Internet Explorer
Grand Theft Auto Vice City
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Connections 12.1.8.0
iTunes
Java™ 6 Update 11
K-Lite Codec Pack 4.3.4 (Full)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MX vs ATV Unleashed
NVIDIA Drivers
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Scooby-Doo™, Case File #1 The Glowing Bug Man
Scooby-Doo™, Case File #2 The Scary Stone Dragon
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Activation Module
Spybot - Search & Destroy
Uninstall 1.0.0.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

Does Symantec still show on my computer? I have no clue what that is
What all should I have for protection on my computer so this does not happen again?
I Scan Every week...sometimes two so is there anything else I should know to maintain everything?


Thanks

#11 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 16 December 2008 - 04:08 AM

Hi Carleemay,

Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

Does Symantec still show on my computer? I have no clue what that is

Its a security suite that should have been uninstalled and removed completely before you installed Avast. It usually requires a special tool to uninstall completely but We got most of it on the last run. I'm including a removal of the remainder this time.

Go to Start->Run and type in notepad and click OK.
Now copy and paste the following bold text into Notepad:

sc stop LiveUpdate - Symantec Corporation
sc delete LiveUpdate - Symantec Corporation
sc stop LiveUpdate Notice Service
sc delete LiveUpdate Notice Service
del delete.bat


Change the Save as type to *All Files*
Save the file to your Desktop as "delete.bat".
Make sure to save it with the quotes.
Go to the Desktop and Double click on "delete.bat".

Reboot the Computer.

Open Hijackthis, take another scan and place a checkmark next to these entries.


O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)


Close all open Windows except Hijackthis and click on "fix Checked".

Reboot the Computer again.

Combofix run:


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad*

Copy and paste all the text in the quotebox below into it:


KillAll::

File::
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

Folder::
C:\documents and settings\Carlee Minchin\Application Data\LimeWire
C:\PROGRA~1\Symantec\LIVEUP~1

ADS::
C:\windows\system32


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Posted Image

If the image isn't visible Click Here to view.

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This reactivates Combofix. Again follow the prompts.

It will create another System restore point.

When finished, it shall produce a log for you at C:\ComboFix.txt

Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Download CCleaner from here to clean temp files from your computer.
Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location.
Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
Click Run Cleaner to run the program.
Caution: Uncheck the 'Issues' tab as it's not necessary for the purpose of this fix.
After it has completed it's process, click Exit.

I have been succesful at downloading malwarebytes again and it works
Here are all the Logs:


If you've already run Malwarebytes, please post the report as I need to see it. Otherwise run it again at this point and post the new log

What all should I have for protection on my computer so this does not happen again?
I Scan Every week...sometimes two so is there anything else I should know to maintain everything?


You need a good third party firewall if you haven't already got one. The Windows firewall is only a stop-gap. Avast do a good firewall but let me know about this please.

I strongly recommend adding the following additional protections:

McAffee Site advisor.
http://www.siteadvisor.com/
This is to protect you from bad Internet sites.

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
This is to protect you from bad active X infections.

Be sure to include a new HJT log and a new uninstall list in your next reply.

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#12 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 16 December 2008 - 01:16 PM

Ok I think I Have done everything you have asked so here are the new logs:

ComboFix 08-12-11.04 - Carlee Minchin 2008-12-16 10:31:30.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.595 [GMT -6:00]
Running from: c:\documents and settings\Carlee Minchin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carlee Minchin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carlee Minchin\Application Data\LimeWire
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\active.mojito
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\downloads.dat
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\filters.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\gnutella.net
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\installation.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\library.dat
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\limewire.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\mojito.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\passive.mojito
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\questions.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\responses.cache
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\simpp.xml
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\spam.dat
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\tables.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\Thumbs.db
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\ttree.cache
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\version.xml
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\versions.props
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\Thumbs.db
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Carlee Minchin\Application Data\LimeWire\xml\schemas\video.xsd
c:\progra~1\Symantec\LIVEUP~1
c:\progra~1\Symantec\LIVEUP~1\1.Settings.Default.LiveUpdate
c:\progra~1\Symantec\LIVEUP~1\ALUNOTIFY.EXE
c:\progra~1\Symantec\LIVEUP~1\ALUNOTIFYRES.DLL
c:\progra~1\Symantec\LIVEUP~1\AluSchedulerSvcRes.dll
c:\progra~1\Symantec\LIVEUP~1\AUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\AUPDATERES.DLL
c:\progra~1\Symantec\LIVEUP~1\LSETUP.EXE
c:\progra~1\Symantec\LIVEUP~1\LSETUPRES.DLL
c:\progra~1\Symantec\LIVEUP~1\LUALL.EXE
c:\progra~1\Symantec\LIVEUP~1\LUALLRES.DLL
c:\progra~1\Symantec\LIVEUP~1\LuCallbackProxy.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\progra~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
c:\progra~1\Symantec\LIVEUP~1\LuComServerPS_3_0.DLL
c:\progra~1\Symantec\LIVEUP~1\LuComServerRes.dll
c:\progra~1\Symantec\LIVEUP~1\ludirloc.dat
c:\progra~1\Symantec\LIVEUP~1\LUINFO.INF
c:\progra~1\Symantec\LIVEUP~1\LUInit.exe
c:\progra~1\Symantec\LIVEUP~1\LUInit.ini
c:\progra~1\Symantec\LIVEUP~1\LUINSDLL.DLL
c:\progra~1\Symantec\LIVEUP~1\LUINSDLLRES.DLL
c:\progra~1\Symantec\LIVEUP~1\luinventoryinst.jar
c:\progra~1\Symantec\LIVEUP~1\LuPreCon.DLL
c:\progra~1\Symantec\LIVEUP~1\LuResult.txt
c:\progra~1\Symantec\LIVEUP~1\LUSESAIntegration.dll
c:\progra~1\Symantec\LIVEUP~1\LUSESAIntegrationRes.dll
c:\progra~1\Symantec\LIVEUP~1\LUSETUP.EXE
c:\progra~1\Symantec\LIVEUP~1\LUUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\MFC71.DLL
c:\progra~1\Symantec\LIVEUP~1\MSVCP71.DLL
c:\progra~1\Symantec\LIVEUP~1\MSVCR71.DLL
c:\progra~1\Symantec\LIVEUP~1\NetDetectController_3_0.DLL
c:\progra~1\Symantec\LIVEUP~1\ProductRegCom_3_0.DLL
c:\progra~1\Symantec\LIVEUP~1\providerInst.jar
c:\progra~1\Symantec\LIVEUP~1\README.TXT
c:\progra~1\Symantec\LIVEUP~1\S32LIVE1.DLL
c:\progra~1\Symantec\LIVEUP~1\S32LUCP1.CPL
c:\progra~1\Symantec\LIVEUP~1\S32LUCP1RES.DLL
c:\progra~1\Symantec\LIVEUP~1\S32LUIS1.DLL
c:\progra~1\Symantec\LIVEUP~1\S32LUWI1.DLL
c:\progra~1\Symantec\LIVEUP~1\SESA.Settings.LiveUpdate
c:\progra~1\Symantec\LIVEUP~1\Settings.Default.LiveUpdate
c:\progra~1\Symantec\LIVEUP~1\SymantecRootInstaller.exe
c:\progra~1\Symantec\LIVEUP~1\SymantecRootInstaller.log
c:\progra~1\Symantec\LIVEUP~1\SymantecRootInstallerRes.dll
c:\progra~1\Symantec\LIVEUP~1\UNRAR.DLL
c:\progra~1\Symantec\LIVEUP~1\winluproviderinst.jar

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-15 19:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:16 . 2008-12-15 19:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 19:16 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 19:13 . 2008-12-15 19:13 <DIR> d-------- c:\program files\Bonjour
2008-12-15 19:11 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-15 19:11 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-15 19:10 . 2008-12-15 19:11 <DIR> d-------- c:\program files\iTunes
2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\program files\iPod
2008-12-15 19:10 . 2008-12-15 19:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 19:09 . 2008-12-15 19:10 <DIR> d-------- c:\program files\QuickTime
2008-12-15 19:03 . 2008-12-15 19:10 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 08:23 . 2008-12-11 08:23 <DIR> d-------- C:\rsit
2008-12-10 09:45 . 2008-12-15 18:51 5,018 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\Media Player Classic
2008-12-07 16:20 . 2008-12-07 16:20 <DIR> d-------- c:\documents and settings\dominik\Application Data\DivX
2008-12-06 21:08 . 2004-01-25 10:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-06 21:08 . 2007-09-04 10:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-06 21:08 . 2007-07-10 10:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 21:08 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2008-12-03 16:31 . 2008-12-03 16:31 <DIR> d-------- c:\documents and settings\dominik\Application Data\FastStone
2008-12-03 16:26 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\dominik\Application Data\Roxio
2008-12-03 16:25 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\dominik\Application Data\InstallShield
2008-12-03 16:25 . 2007-10-19 20:20 <DIR> d--h----- c:\documents and settings\dominik\Application Data\GTek
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d-------- c:\documents and settings\dominik
2008-11-28 12:34 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 12:34 . 2008-11-10 03:39 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-28 01:06 . 2008-11-28 01:12 <DIR> d-------- C:\Combo-Fix
2008-11-27 02:13 . 2008-12-10 17:30 4,074,306 --a------ c:\windows\pfirewall.log.old
2008-11-26 23:53 . 2008-11-26 23:53 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:47 . 2008-11-25 16:47 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 11:15 . 2008-11-25 11:21 <DIR> d-------- C:\SDFix
2008-11-25 01:00 . 2007-10-19 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-25 01:00 . 2007-10-19 20:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\GTek
2008-11-25 01:00 . 2008-11-25 01:00 <DIR> d-------- c:\documents and settings\Administrator
2008-11-24 21:29 . 2008-11-24 21:29 104 --a------ c:\windows\system32\&Search.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 16:32 --------- d-----w c:\program files\Symantec
2008-12-16 01:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-16 00:57 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Corel
2008-12-15 21:57 --------- d-----w c:\program files\Google
2008-12-15 05:57 --------- d-----w c:\program files\Lavasoft
2008-12-12 14:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-12 06:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-07 03:18 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\DivX
2008-12-07 03:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-03 01:26 --------- d-----w c:\program files\Java
2008-11-12 15:22 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\GetRightToGo
2008-11-12 15:06 --------- d-----w c:\program files\Microsoft Works
2008-11-12 15:05 --------- d-----w c:\program files\Microsoft.NET
2008-11-12 14:47 --------- d-----w c:\program files\MSECACHE
2008-11-10 23:00 --------- d-----w c:\program files\Total Video2DVD Author
2008-11-05 15:19 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Malwarebytes
2008-11-05 15:19 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-11-05 03:48 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-05 02:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-04 01:16 --------- d-----w c:\program files\DivX
2008-10-25 18:41 --------- d-----w c:\documents and settings\Carlee Minchin\Application Data\Roxio
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-24 21:33 5,384,109 ----a-w c:\documents and settings\Carlee Minchin\Application Data\consoleclassixsetup.exe
2008-03-05 14:14 47,360 ----a-w c:\documents and settings\Carlee Minchin\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-15_15.40.01.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-16 01:13:19 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2008-12-16 01:11:34 102,400 ----a-r c:\windows\Installer\{318AB667-3230-41B5-A617-CB3BF748D371}\iTunesIco.exe
+ 2008-04-17 19:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 19:12:54 15,464 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-11-07 20:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
+ 2008-12-16 16:36:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
+ 2008-12-16 16:36:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
"PMX Daemon"="ICO.EXE" [2007-03-08 c:\windows\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 PEP_HKA;PEP_HKA;c:\windows\system32\Drivers\PEP_HKA.SYS [2008-01-23 15040]
R0 pepbus;pepbus;c:\windows\system32\DRIVERS\pepbus.sys [2008-01-23 16624]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-15 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-15 20560]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-11-08 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-11-08 14336]
S3 pepscsi;pepscsi;c:\windows\system32\DRIVERS\pepscsi.sys [2008-01-23 101192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7beb6f7-f425-11dc-a082-001aa08fa97f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
FF - ProfilePath - c:\documents and settings\Carlee Minchin\Application Data\Mozilla\Firefox\Profiles\wrsedgr1.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 10:36:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\pmxmiced.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-16 10:41:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 16:41:54
ComboFix2.txt 2008-12-16 02:10:43
ComboFix3.txt 2008-12-15 21:40:40
ComboFix4.txt 2008-12-12 01:22:01
ComboFix5.txt 2008-12-16 16:30:41

Pre-Run: 23,404,228,608 bytes free
Post-Run: 23,870,271,488 bytes free

319 --- E O F --- 2008-12-12 06:25:20


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:59 AM, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://carleemay7415.spaces.live.com/Photo...ad/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...257/mcfscan.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.11.cab?
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11810 bytes


18 Wheels of Steel: Haulin'
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Reader 7.1.0
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bonjour
Browser Address Error Redirector
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Console Classix 4.05
Corel Snapfire DVD Maker
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center (Support Software)
DellSupport
FastStone Photo Resizer 2.5
Google Earth
Google Toolbar for Internet Explorer
Grand Theft Auto Vice City
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Connections 12.1.8.0
iTunes
Java™ 6 Update 11
K-Lite Codec Pack 4.3.4 (Full)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Gaming Software
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mouse Suite for Desktop Computers
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MX vs ATV Unleashed
NVIDIA Drivers
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Scooby-Doo™, Case File #1 The Glowing Bug Man
Scooby-Doo™, Case File #2 The Scary Stone Dragon
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonic Activation Module
Spybot - Search & Destroy
Uninstall 1.0.0.0
Update for Office 2007 (KB946691)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Toolbar

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.31
Database version: 1504
Windows 5.1.2600 Service Pack 3

16/12/2008 11:50:51 AM
mbam-log-2008-12-16 (11-50-51).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 126591
Time elapsed: 1 hour(s), 0 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b50bb4ac-47b7-4a9d-b1dd-f04fc1eaedfe} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP461\A0098041.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


Before I Install McAffee Site Advisor and Spywareblaster should I Uninstall spybot or any other protection I Already have?

#13 Joe - London

Joe - London

  • Security Colleague
  • 327 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:01 PM

Posted 16 December 2008 - 01:58 PM

Hi Carleemay,

Before I Install McAffee Site Advisor and Spywareblaster should I Uninstall spybot or any other protection I Already have?

I suggest keeping Spybot S & D on your hard drive but not running at start-up. Check out its preferences or settings within the programme and make sure its disabled. You can then use it if and when necessary.
Malwarebytes is a trial version so I suggest uninstalling that now.

We need to clear up the issue of you firewall as this is perhaps your most important security programme. Do you have a good third party firewall? If so what is it?

You can go ahead and install Spywareblaster and McAffee Site Advisor.

The symantec service below is being difficult. I suspect its because we don't know what they call it.

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

Can you complete the above and then download and run this programme to help us:

Please download GetService.zip
Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you. getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.

Let me know if you installed the above and about your firewall. What other security programmes were you referring to?

Joe.
If I have helped you in any way, please consider a donation:
Posted Image
Member of UNITE and ASAP.

#14 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 16 December 2008 - 05:30 PM

The only Programs I Have on here are advast....malwarebytes and spybot....I Have no clue onto whcih have firewalls lol sorry. I'm thinking the only firewall I have is the windows one and advast. Ill download those programs and uninstall malwarebytes....Here is the log


SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2300
FLAGS :
DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Apple Mobile Device
DISPLAY_NAME: Apple Mobile Device
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 428
FLAGS :
DESCRIPTION : Provides the interface to Apple mobile devices.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Apple Mobile Device
DEPENDENCIES : Tcpip
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: aswUpdSv
DISPLAY_NAME: avast! iAVS4 Control Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1372
FLAGS :
DESCRIPTION : Provides automatic updating for the avast! antivirus.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! iAVS4 Control Service
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Antivirus
DISPLAY_NAME: avast! Antivirus
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1420
FLAGS :
DESCRIPTION : Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Antivirus
DEPENDENCIES : aswMon2
: RpcSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Mail Scanner
DISPLAY_NAME: avast! Mail Scanner
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1820
FLAGS :
DESCRIPTION : Implements mail scanning for avast! antivirus.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Mail Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Web Scanner
DISPLAY_NAME: avast! Web Scanner
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1928
FLAGS :
DESCRIPTION : Implements web (HTTP) scanning for avast! antivirus.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Web Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Bonjour Service
DISPLAY_NAME: Bonjour Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 440
FLAGS :
DESCRIPTION : Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Bonjour\mDNSResponder.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Bonjour Service
DEPENDENCIES : Tcpip
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 968
FLAGS :
DESCRIPTION : Provides launch functionality for DCOM services.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1260
FLAGS :
DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 764
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides management for applications that require assistance in a multiple user environment.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: hnmsvc
DISPLAY_NAME: Advanced Networking Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 488
FLAGS :
DESCRIPTION :

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Dell Network Assistant\hnm_svc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Advanced Networking Service
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: iPod Service
DISPLAY_NAME: iPod Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 3240
FLAGS :
DESCRIPTION : iPod hardware management services

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPod Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: JavaQuickStarterService
DISPLAY_NAME: Java Quick Starter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 676
FLAGS :
DESCRIPTION : Prefetches JRE files for faster startup of Java applets and applications

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Java Quick Starter
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1332
FLAGS :
DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: NVSvc
DISPLAY_NAME: NVIDIA Display Driver Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 700
FLAGS :
DESCRIPTION : Provides system and desktop level support to the NVIDIA display driver

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 764
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 776
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 776
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProtexisLicensing
DISPLAY_NAME: ProtexisLicensing
TYPE : 10 WIN32_OWN_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 912
FLAGS :
DESCRIPTION : Protexis Licensing Service

TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\PSIService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ProtexisLicensing
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Creates a network connection.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RoxMediaDB9
DISPLAY_NAME: RoxMediaDB9
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2620
FLAGS :
DESCRIPTION : Roxio RoxMediaDB9 Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : RoxMediaDB9
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RoxWatch9
DISPLAY_NAME: Roxio Hard Drive Watcher 9
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1204
FLAGS :
DESCRIPTION :

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Roxio Hard Drive Watcher 9
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1036
FLAGS :
DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 776
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Stores security information for local user accounts.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides notifications for AutoPlay hardware events.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1736
FLAGS :
DESCRIPTION : Loads files to memory for later printing.

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: sprtsvc_dellsupportcenter
DISPLAY_NAME: SupportSoft Sprocket Service (dellsupportcenter)
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1348
FLAGS :
DESCRIPTION : SupportSoft Sprocket Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SupportSoft Sprocket Service (dellsupportcenter)
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1332
FLAGS :
DESCRIPTION : Enables discovery of UPnP devices on your home network.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1472
FLAGS :
DESCRIPTION : Provides image acquisition services for scanners and cameras.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 968
FLAGS :
DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides user experience theme management.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: w32time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1332
FLAGS :
DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Monitors system security settings and configurations.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1132
FLAGS :
DESCRIPTION : Provides automatic configuration for the 802.11 adapters

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME : LocalSystem

#15 CarleeMay

CarleeMay
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 16 December 2008 - 05:37 PM

I Downloaded spyware blaster but it wouldn't let me download McAffee...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users