Infected with Generic Trojan,2 Backdoor viruses, and 2 worm viruses


  • This topic is locked
30 replies to this topic

#1 patbrew

patbrew

  • Members
  • 26 posts
  • OFFLINE
  • Gender:Female
  • Location:Texas
  • Local time:01:22 AM

Posted 26 October 2009 - 09:12 PM

Dear tech,
I have run a BitDefender deep scan and several scans with AVG, Advanced System Care Pro, and IOBit Security 360 and still cannot get my puter to run as it should. I cleaned out several hundred photos and removed from hard drive and lost disk space rather than gained. Also was attacked by the GreenAV or GreenVA thing. That is when the problem really started.
I have a lot of programs that are running that I don't need but I don't know what is necessary and what is not. It seems that the CPU usage has increased unnecessarily and too many programs are loading at startup. I prefer Firefox browser but lately it is using a lot of cpu usage and causes puter to run very loud and interferes with my gaming and browsing. Puter freezes up a lot.
I have McAfee SiteAdvisor and for the most part I am careful even with the research sites I open. I am getting very frustrated with my puter. I do use Game Booster recently to help with gaming freezes, but I should not need to use it if puter were running properly. Should I seriously consider reinstalling Windows? I have been trying to remove the photos a few at a time which takes so long to burn on CDs as I am out of practice. As I have aged I find it more difficult to relearn my software.
I truly appreciate all the help you can give me and will follow your advice explicitly.
Thank you so much

Attached Files


Edited by patbrew, 27 October 2009 - 09:11 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:22 AM

Posted 02 November 2009 - 10:35 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 patbrew


Posted 03 November 2009 - 04:25 PM

Thank you so much Mole. I am sorry that I missed you yesterday. I have been checking back several times a day and can't believe I missed you. I have been about to go crazy over this mess, and that is just what it is, a mess. I now believe my Firefox browser has been hijacked.

#4 m0le


Posted 03 November 2009 - 04:46 PM

Hi patbrew,


First we need to deal with something more mundane :)

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Authentium.


Now let's take a look at the logs. Rootkits don't seem to be featuring so that's good. :(


The DDS log is also not showing anything so let's try a deeper scan, after we run MBAM - a removal tool.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Now RSIT, the scanner
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks :(

#5 patbrew


Posted 03 November 2009 - 04:58 PM

Sorry, I am going to start over. I was too quick and missed your instructions. Just a min please. uuuuuwwwww

#6 patbrew


Posted 03 November 2009 - 05:01 PM

Command just asked to run. Did not ask for any updates, etc.

#7 patbrew


Posted 03 November 2009 - 09:04 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3095
Windows 5.1.2600 Service Pack 3

11/3/2009 7:51:30 PM
mbam-log-2009-11-03 (19-51-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 366280
Time elapsed: 3 hour(s), 16 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Patricia Brewster.D5C3F971\My Documents\PCMightyMax2009_155.EXE (Rogue.PCMightyMax) -> Quarantined and deleted successfully.

#8 patbrew


Posted 03 November 2009 - 09:07 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patricia Brewster at 2009-11-03 20:06:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (30%) free of 73 GB
Total RAM: 510 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:20 PM, on 11/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Patricia Brewster.D5C3F971\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Patricia Brewster.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://66.48.69.102
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

--
End of file - 7508 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AWC AutoCare.job
C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2530074285-1245022578-4182769898-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2530074285-1245022578-4182769898-1006UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-03 782336]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-10-26 1242384]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-02-19 202064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare V2 Personal]
C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2009-01-21 16712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2009-02-11 801904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-14 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe -hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [1999-09-04 53317]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ScreenArt.lnk]
C:\PROGRA~1\SCREEN~1\WillowRd.exe [2001-07-11 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"SQLWriter"=3
"QBFCService"=3
"ProtectionService"=2
"ose"=3
"NetSvc"=3
"EarthLinkMonitor"=2
"dvpapi"=2
"DSBrokerService"=3
"avg8wd"=2
"avg8emc"=2
"Ati HotKey Poller"=2
"ADSService"=3
"aawservice"=2
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-10-07 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\WINDOWS\SYSTEM32\dxdiag.exe"="C:\WINDOWS\SYSTEM32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\SYSTEM32\dpvsetup.exe"="C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\WINDOWS\SYSTEM32\dpnsvr.exe"="C:\WINDOWS\SYSTEM32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\DellConnect\Bin\Launch.exe"="C:\Program Files\DellConnect\Bin\Launch.exe:*:Enabled:DellConnect"
"C:\Program Files\Real\RealPlayer\RecordingManager.exe"="C:\Program Files\Real\RealPlayer\RecordingManager.exe:*:Disabled:RealNetworks Download and Record Manager"
"C:\WINDOWS\SYSTEM32\mmc.exe"="C:\WINDOWS\SYSTEM32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-11-03 20:06:06 ----D---- C:\rsit
2009-11-03 16:03:37 ----D---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\Malwarebytes
2009-11-03 16:03:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-03 16:03:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-03 06:26:06 ----D---- C:\Program Files\Safari
2009-11-01 15:53:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-01 15:53:35 ----D---- C:\Program Files\Alwil Software
2009-10-26 22:08:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2009-10-26 22:08:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2009-10-26 22:08:18 ----D---- C:\Program Files\NortonInstaller
2009-10-26 22:08:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-10-26 21:53:54 ----A---- C:\WINDOWS\setup.ini
2009-10-26 21:53:48 ----A---- C:\WINDOWS\wplog.txt
2009-10-26 19:02:06 ----A---- C:\RootRepeal report 10-26-09 (20-02-06).txt
2009-10-23 08:54:16 ----D---- C:\Program Files\Trend Micro
2009-10-14 07:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 07:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 07:51:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 07:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 07:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 07:46:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 07:40:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 07:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 07:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 21:24:26 ----D---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\BitDefender
2009-10-11 21:23:10 ----D---- C:\Program Files\BitDefender
2009-10-11 21:23:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
2009-10-11 21:20:29 ----D---- C:\Program Files\Common Files\BitDefender

======List of files/folders modified in the last 1 months======

2009-11-03 20:06:12 ----D---- C:\WINDOWS\Prefetch
2009-11-03 19:58:57 ----D---- C:\WINDOWS\TEMP
2009-11-03 19:53:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-03 19:52:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-03 16:03:27 ----D---- C:\WINDOWS\system32\DRIVERS
2009-11-03 16:03:26 ----RD---- C:\Program Files
2009-11-03 15:16:41 ----D---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\SiteAdvisor
2009-11-03 15:16:34 ----D---- C:\Program Files\Mozilla Firefox
2009-11-03 13:38:12 ----D---- C:\WINDOWS
2009-11-03 12:51:00 ----SHD---- C:\WINDOWS\Installer
2009-11-03 12:51:00 ----HD---- C:\Config.Msi
2009-11-03 06:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-03 06:34:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-02 19:02:09 ----D---- C:\WINDOWS\SYSTEM32
2009-11-02 19:02:02 ----D---- C:\Documents and Settings
2009-11-02 10:33:30 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-01 17:15:31 ----D---- C:\WINDOWS\system32\CONFIG
2009-11-01 17:12:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-11-01 11:25:46 ----D---- C:\Program Files\McAfee
2009-11-01 11:25:46 ----D---- C:\Program Files\Common Files
2009-11-01 11:23:27 ----RASH---- C:\boot.ini
2009-11-01 11:14:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2009-11-01 07:43:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-30 17:07:13 ----D---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\IObit
2009-10-29 12:23:10 ----D---- C:\Program Files\Opera
2009-10-29 12:18:35 ----SD---- C:\WINDOWS\Tasks
2009-10-28 13:52:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2009-10-28 09:32:42 ----D---- C:\Downloads
2009-10-27 23:10:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-10-27 07:41:47 ----D---- C:\Program Files\QuickTime
2009-10-27 07:15:19 ----D---- C:\Program Files\Coupons
2009-10-26 22:54:03 ----SHD---- C:\RECYCLER
2009-10-26 21:53:53 ----HD---- C:\WINDOWS\INF
2009-10-26 21:53:53 ----D---- C:\WINDOWS\Help
2009-10-26 21:53:53 ----D---- C:\Program Files\Web Publish
2009-10-26 21:53:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-26 21:17:04 ----AC---- C:\WINDOWS\WIN.INI
2009-10-26 21:17:04 ----AC---- C:\WINDOWS\SYSTEM.INI
2009-10-26 18:04:07 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-26 18:03:13 ----SHD---- C:\System Volume Information
2009-10-26 17:47:02 ----D---- C:\WINDOWS\Registration
2009-10-26 17:31:19 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-10-22 19:24:38 ----D---- C:\WINDOWS\Debug
2009-10-14 11:57:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 11:26:45 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-10-14 07:59:31 ----D---- C:\WINDOWS\WinSxS
2009-10-14 07:52:43 ----A---- C:\WINDOWS\imsins.BAK
2009-10-14 07:52:38 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2009-10-14 07:49:09 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 07:49:08 ----D---- C:\Program Files\Internet Explorer
2009-10-14 07:48:19 ----D---- C:\WINDOWS\ie7updates
2009-10-14 07:40:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 05:42:00 ----D---- C:\Program Files\IObit
2009-10-12 02:00:47 ----D---- C:\Program Files\Game Accelerator
2009-10-09 17:50:21 ----SD---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\Microsoft
2009-10-05 14:10:13 ----A---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DirectCDUserNameE.txt
2009-10-05 14:07:35 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-05 14:07:35 ----D---- C:\WINDOWS\SECURITY
2009-10-05 14:07:35 ----D---- C:\I386
2009-10-05 14:07:35 ----D---- C:\Documents and Settings\Patricia Brewster.D5C3F971\Application Data\Smilebox
2009-10-05 14:07:34 ----D---- C:\WINDOWS\REPAIR
2009-10-05 14:07:34 ----D---- C:\WINDOWS\ol98logs
2009-10-05 14:07:34 ----D---- C:\WINDOWS\Logs
2009-10-05 14:07:34 ----D---- C:\Program Files\Sprint
2009-10-05 14:07:34 ----D---- C:\Program Files\EMBARQ
2009-10-05 14:07:34 ----D---- C:\37f79af447e77e09faca5a185c5cb649
2009-10-05 13:46:03 ----D---- C:\My Pictures
2009-10-05 12:25:31 ----RD---- C:\My Documents

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 npapimon;npapimon; C:\WINDOWS\system32\drivers\npapimon.sys [2004-07-14 21723]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2009-04-26 143834]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssdiagn;ssdiagn; C:\WINDOWS\system32\drivers\ssdiagn.sys [2004-07-14 10906]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2009-04-26 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2005-05-16 768712]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 GRTdiMon;GR TDI Mon; C:\WINDOWS\System32\Drivers\GRTdiMon.sys [2006-11-10 42040]
R2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [1999-08-10 34916]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-10-12 146312]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-04-06 266376]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2009-04-26 30630]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-02-11 14572]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-12 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-12 20480]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [2006-11-20 56728]
S3 ADSMonitor;ADSMonitor; C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 35352]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2009-04-26 25898]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCI_Ctrl;PCI_Ctrl; \??\C:\WINDOWS\system32\drivers\PCI_Ctrl.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-10-26 312592]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-11-03 419096]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-06 1626112]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-10-07 16680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe []
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2005-05-16 142416]
S4 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-11-23 89792]
S4 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2007-06-09 20480]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#9 patbrew

Posted 03 November 2009 - 09:09 PM

info.txt logfile of random's system information tool 1.06 2009-11-03 20:06:26

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A Fairy Tale-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\afairytale.rguninst" "AddRemove"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Amazing Windows XP Screen Saver 1.2-->C:\WINDOWS\unins001.exe
Ancient Secrets-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\ancientsecrets.rguninst" "AddRemove"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitDefender Free Edition 2009-->MsiExec.exe /X{44B436FA-FB33-4B24-8AD1-D8C9A50474E9}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cradle of Rome-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Cradle of Rome.rguninst" "AddRemove"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{5380B111-5047-413D-A6E5-70D69391D08E}
ebgcSDK-->MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
EPSON CX5000 Series User's Guide-->C:\Program Files\epson\guide\cx5000_e\uninstall.exe
EPSON Printer Software-->C:\Program Files\EPSON\PrinterDriverTemp\SCX5000\EPUPDATE.EXE /r
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX5000 Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers-->Prounstl.exe
IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe"
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{24960CD0-661D-4957-9D5F-D2905A30EDB1}
Jasc Paint Shop Pro Studio Additional Content-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG
Jasc Paint Shop Pro Studio GDI+ Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG
Jasc Paint Shop Pro Studio.01 - (1.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG
Jasc Paint Shop Pro Studio-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2000-->MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NeroMediaPlayer-->C:\WINDOWS\UNNMP.exe /UNINSTALL
OLYMPUS CAMEDIA Master 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.3
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PrintMaster 7.00-->c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickBooks Simple Start Free Starter Edition-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Free Starter Edition" ADDREMOVE=1 OEMVENDOR=DIRECT
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

======Hosts File======

69.10.51.38 a1.review.zdnet.com
69.10.51.38 d1.reviews.cnet.com
69.10.51.38 reviews.riverstreams.co.uk
69.10.51.38 reviews.download.com
69.10.51.38 review.2009softwarereviews.com
69.10.51.38 reviews.pcmag.com
69.10.51.38 reviews.pcadvisor.co.uk
69.10.51.38 reviews.techradar.com
69.10.51.38 reviews.pcpro.co.uk
69.10.51.38 www.reevoo.com

======Security center information======

AV: Authentium Antivirus
AV: avast! antivirus 4.8.1356 [VPS 091103-1]
AV: EarthLink Antivirus
FW: EarthLink Firewall (disabled)

======System event log======

Computer Name: PAT
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 222046
Source Name: Service Control Manager
Time Written: 20091007080936.000000-300
Event Type: error
User:

Computer Name: PAT
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Lbd

Record Number: 222029
Source Name: Service Control Manager
Time Written: 20091007070829.000000-300
Event Type: error
User:

Computer Name: PAT
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 222028
Source Name: Service Control Manager
Time Written: 20091007070824.000000-300
Event Type: error
User:

Computer Name: PAT
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Lbd

Record Number: 222012
Source Name: Service Control Manager
Time Written: 20091007065308.000000-300
Event Type: error
User:

Computer Name: PAT
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 222010
Source Name: Service Control Manager
Time Written: 20091007065303.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: PAT
Event Code: 1000
Message: Faulting application safari.exe, version 3.525.21.0, faulting module npswf32.dll, version 9.0.124.0, fault address 0x0008cad4.

Record Number: 439518
Source Name: Application Error
Time Written: 20080824170534.000000-300
Event Type: error
User:

Computer Name: PAT
Event Code: 1517
Message: Windows saved user PAT\Patricia Brewster registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 439514
Source Name: Userenv
Time Written: 20080823092500.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAT
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 439513
Source Name: Userenv
Time Written: 20080823092456.000000-300
Event Type: warning
User: PAT\Patricia Brewster

Computer Name: PAT
Event Code: 1517
Message: Windows saved user PAT\Patricia Brewster registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 439509
Source Name: Userenv
Time Written: 20080820125805.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PAT
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 439508
Source Name: Userenv
Time Written: 20080820125803.000000-300
Event Type: warning
User: PAT\Patricia Brewster

=====Security event log=====

Computer Name: PAT
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x1619C)

Privileges: SeChangeNotifyPrivilege

Record Number: 114136
Source Name: Security
Time Written: 20091025072447.000000-300
Event Type: audit success
User: PAT\Guest

Computer Name: PAT
Event Code: 540
Message: Successful Network Logon:

User Name: Guest

Domain: PAT

Logon ID: (0x0,0x1619C)

Logon Type: 3

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: PAT

Logon GUID: -

Record Number: 114135
Source Name: Security
Time Written: 20091025072447.000000-300
Event Type: audit success
User: PAT\Guest

Computer Name: PAT
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: Guest

Source Workstation: PAT

Error Code: 0x0


Record Number: 114134
Source Name: Security
Time Written: 20091025072447.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: PAT
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: BitDefenderComm

Source Workstation: PAT

Error Code: 0xC0000064


Record Number: 114133
Source Name: Security
Time Written: 20091025072447.000000-300
Event Type: audit failure
User: NT AUTHORITY\SYSTEM

Computer Name: PAT
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 114132
Source Name: Security
Time Written: 20091025072445.000000-300
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0401
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"LANG"=C
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#10 m0le

  • Malware Response Team

Posted 03 November 2009 - 09:23 PM

There's nothing showing at all on the logs, patbrew.

MBAM found one item which wasn't that dangerous.


I would like to do two things. First, please update your Java and remove old versions with JavaRa.

Old versions of Java are big doors to malware. JavaRa removes them and updates your version to the most current.

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Now please run the ESET online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If there are any minor malware files still hanging round which might identify what you have (or more likely had), then ESET will catch them.

Thanks :(
m0le is a proud member of UNITE

#11 patbrew

Posted 03 November 2009 - 09:24 PM

Thank you so much Mole. I am very interested in what you have to instruct me to do and I would like info on a very good free antivirus software. I uninstalled my AVG and installed Avast but do not like the Resident feature of Avast. It may or may not be the cause of Firefox going haywire. I have stopped using Firefox and had to go back to IE. I wish I knew how to fix Firefox. Loaded it this afternoon and it just went wild, got a thing called Brand Thunder with a theme that would not let me uninstall it. I tried for 30 mins uninstalling and restarting Firefox and it would not uninstall. I have so many questions about what is in my computer. I know I have a lot of things that are useless.

#12 m0le

Posted 03 November 2009 - 09:27 PM

Hi patbrew,

I will answer any questions you have once ESET has confirmed that you're clean.

Everybody has some useless stuff installed on their PC at some time in the past. I can certainly look at removing anything you don't need (with your permission of course) :(

#13 patbrew

Posted 03 November 2009 - 10:04 PM

Thank you so much mole. The scan is in Step 3 of 4 now.
Should I have run this from the Firefox browser? I am using IE right now. It is less frustrating.

Edited by patbrew, 03 November 2009 - 10:06 PM.


#14 patbrew

Posted 04 November 2009 - 04:33 AM

C:\Documents and Settings\Patricia Brewster.D5C3F971\My Documents\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application

#15 m0le

Posted 04 November 2009 - 06:29 AM

It doesn't matter which browser you use for ESET. :(

Did ESET delete the above file?

If not, please manually do so (as below).

Use Windows Explorer to find and delete this file:

C:\Documents and Settings\Patricia Brewster.D5C3F971\My Documents\Nero-6.6.1.15a.exe

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


Please post a new DDS log too.

Then we should be ready for the final instructions so you might want to hit me with these questions now :(

Edited by m0le, 04 November 2009 - 06:29 AM.
