chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Sat Nov 07, 2009 2:58 am Post subject: My computer has the flu -- Trojan crypt.jis +more :(
Hi, thank you so much for your help! I'm at a loss & think I may have made things worse...
I started watching television shows online streaming through Hulu, Fancast & network websites... I strayed & went to SideReel, which I didn't realize linked to whatever; I'm assuming that's when I got the virus. The show was taking longer than on the other sites & had a message that said to be patient, the download may take a while. I closed the x in the top right hand corner to close the window. Think it was too late by that point in time. I got pop-ups for a virus. I'm new to Vista & didn't realize that I have Microsoft Defender, not Microsoft System Defender, so I clicked something in the message box. :(
I ended up with icons in the start menu, desktop, & both trays on the bottom of the screen (left hand, is it called quick launch, by the start button & right hand by the clock). When holding the mouse over the icons it said "Security Tool" instead of whatever the virus really was.
I immediately downloaded AVG Free, Lavasoft's Ad-Aware, Spybot Search & Destroy... after installing, some of them said I needed to reboot. I was scared to since there was a virus on it. So before rebooting I did full scans with those one at a time & quarantined/fixed/whatever term they use the problems. I also went to the control panel & uninstalled programs I didn't use or that were recently installed, including a coupon printer that is used on safeway.com. It would NOT let me delete the item named coupon bar, which I wanted to uninstall since it shows up in the Spybot scans. When I try to fix it through Spybot it says I need to do it as administrator; I was logged in as Admin though. I deleted all the cookies/temp files/saved passwords on IE & Mozilla, or at least I thought I did. After doing all that I rebooted the computer. I was still having problems, so after more searching online I downloaded Malwarebytes Anti-Malware & scanned with that. After scanning with that & using its fix/quarantine/get rid of button the icons disappeared & the fake windows pop-ups disappeared. Rebooted again. Then ran all the scanners one at a time again... Lavasoft Ad-Aware couldn't find anything; some of the others found a trojan, the coupon program that won't let me uninstall, and something else.
I also use RoboForm, which I've used for years. Have bank account numbers since I use online banking & QuickBooks, client information, the NeatReceipts scanner driver & program (so all my receipts, insurance policies, medical stuff, etc... for the past couple years). I'm concerned that whatever I have can/will/has already taken all that information :( I also installed WinPatrol (the one with the Scotty Dog that patrols).
So I'm concerned that I've made things worse, haven't completely gotten rid of the problem, need to know specifically what information can be taken with this virus so clients can be notified if necessary, need to get rid of the problem, need to know what combination of virus/spy/security/malware programs I should be running & what they should be set at for optimal performance to avoid this in the future.
-----------------------------START OF ROOT REPEAL------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 22:56
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x91D66000 Size: 69632 File Visible: No Signed: -
Status: -
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x91C9F000 Size: 815104 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB5B1F000 Size: 49152 File Visible: No Signed: -
Status: -
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\audiodg.exe
PID: 1680 Status: Locked to the Windows API!
SSDT
-------------------
#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x91df0620
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x91df06d0
#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x91df0770
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x91df0810
==EOF==
-----------------------------END OF ROOT REPEAL------------------------------
******************* BEGIN OF RSIT INFO ****************************
info.txt logfile of random's system information tool 1.06 2009-11-06 22:48:26
======Uninstall list======
-->"C:\Program Files\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dell Game Console\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Dream Chronicles\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\FATE\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 9 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000004}
Adobe Acrobat 9 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000004}
Adobe Acrobat 9.2.0 - CPSID_50026-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000004}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Business Contact Manager for Outlook 2007 SP2-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP2-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000fz.INF
CouponBar-->regsvr32 /u /s "C:\Users\Bella\AppData\Local\Temp\low\CouponBarIE.dll"
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DELL0604-->MsiExec.exe /I{3D8F9830-D6A3-413A-9A54-993827A73E47}
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet J6400 Series-->C:\Program Files\HP\Digital Imaging\{15262012-213A-4f65-9019-C8A409EC0156}\setup\hpzscr01.exe -datfile hpwscr14.dat -forcereboot
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{25771101-7948-4591-ABF3-B1ECE7A7F45F}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition (NR2007)-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Modem Diagnostic Tool-->MsiExec.exe /I{294EAADF-E50F-4DD8-AD8D-19587EA10512}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NeatReceipts Database Controller-->MsiExec.exe /X{91789CDD-E83A-4186-B436-AA7A588679FD}
NeatReceipts Professional 3.0 Core Files-->MsiExec.exe /X{8D199EBB-749F-478E-B4E4-9D343A1BEB07}
NeatReceipts Professional-->C:\Program Files\NeatReceipts Professional\uninstallNR.exe
Netgear Update Assistant-->"C:\Program Files\InstallShield Installation Information\{7C394403-5751-415F-A0D7-651548D726F9}\Setup.exe" -runfromtemp -l0x0009 -removeonly
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Photo Explosion Deluxe-->MsiExec.exe /X{5360DF11-A876-460B-9953-6817AA2BF9D5}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickBooks Pro 2009-->msiexec.exe /I {9A2F0810-369F-4E86-9072-973FBE1679C5} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2009" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{9A2F0810-369F-4E86-9072-973FBE1679C5}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
WA_UIFastTax-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\WA_UIFastTax\ST6UNST.LOG"
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
WildTangent Games-->"C:\Program Files\WildTangent\Dell Games\Uninstall.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
======Security center information======
AS: Spybot - Search and Destroy
AS: Windows Defender
======System event log======
Computer Name: Bella-PC
Event Code: 7000
Message: The BVRPMPR5 NDIS Protocol Driver service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 10799
Source Name: Service Control Manager
Time Written: 20081110044124.000000-000
Event Type: Error
User:
Computer Name: Bella-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 10792
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20081110043851.000000-000
Event Type: Warning
User:
Computer Name: Bella-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 10783
Source Name: Microsoft-Windows-Time-Service
Time Written: 20081110043805.000000-000
Event Type: Warning
User:
Computer Name: Bella-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 10695
Source Name: Service Control Manager
Time Written: 20081107233950.000000-000
Event Type: Error
User:
Computer Name: Bella-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 10560
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20081107233908.223456-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Bella-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2213779461-1784714120-1713851861-1003:
Process 944 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2213779461-1784714120-1713851861-1003
Record Number: 874
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081105074921.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Bella-PC
Event Code: 1002
Message: The program rundll32.exe version 6.0.6000.16386 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b18 Start Time: 01c93f16cdfa379c Termination Time: 16
Record Number: 864
Source Name: Application Hang
Time Written: 20081105073313.000000-000
Event Type: Error
User:
Computer Name: Bella-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 858
Source Name: Microsoft-Windows-WMI
Time Written: 20081105065151.000000-000
Event Type: Error
User:
Computer Name: Bella-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2213779461-1784714120-1713851861-1003_Classes:
Process 1972 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2213779461-1784714120-1713851861-1003_CLASSES
Record Number: 809
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081105045131.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Bella-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2213779461-1784714120-1713851861-1003:
Process 608 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2213779461-1784714120-1713851861-1003
Process 1972 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2213779461-1784714120-1713851861-1003
Record Number: 808
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081105045131.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Bella-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 486
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081105045132.306600-000
Event Type: Audit Success
User:
Computer Name: Bella-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 485
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081105035614.518893-000
Event Type: Audit Success
User:
Computer Name: Bella-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x288
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 484
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081105035614.518893-000
Event Type: Audit Success
User:
Computer Name: Bella-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: D32K5JC1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x288
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 483
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081105035614.518893-000
Event Type: Audit Success
User:
Computer Name: Bella-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2213779461-1784714120-1713851861-1003
Account Name: Bella
Domain Name: Bella-PC
Logon ID: 0xd9994
Record Number: 482
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081105034043.557093-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\Common Files\NeatReceipts\Drivers\M12\;C:\Program Files\Common Files\NeatReceipts\NeatOCR 2.0\;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\Common Files\Ulead Systems\MPEG;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
-----------------EOF-----------------
*******************
END RSIT INFO ****************************
RSIT LOG IN NEXT POST
chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Sat Nov 07, 2009 3:04 am Post subject: My computer has the flu - RSIT LOG (Didn't fit in previous)
CONTINUED FROM PREVIOUS POST
======================================BEGIN OF RSIT LOG =====================================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bella at 2009-11-06 22:48:24
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 201 GB (69%) free of 293 GB
Total RAM: 3573 MB (50% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-06 1471768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]
TTB000000 Class - C:\Users\Bella\AppData\Local\Temp\low\COUPON~1.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-09-25 5976904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-09-25 5976904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe []
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2008-03-03 36864]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-07-03 3563520]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"LanUpdate"=C:\Program Files\Netgear Update Assistant\LanUpdate.exe [2008-05-02 77824]
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2008-09-09 623880]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-01 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-05 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-05 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-05 133656]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-11-12 405504]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-06 2010904]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-09-25 160592]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-10-28 10536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-05 200704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a96effd-f8d7-11dd-ab7d-002269c19c78}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-11-06 22:48:24 ----D---- C:\rsit
2009-11-06 22:48:24 ----D---- C:\Program Files\trend micro
2009-11-06 22:45:04 ----D---- C:\Windows\ERDNT
2009-11-06 22:42:59 ----D---- C:\Program Files\ERUNT
2009-11-06 21:38:23 ----D---- C:\Users\Bella\AppData\Roaming\WinPatrol
2009-11-06 21:36:56 ----D---- C:\Program Files\BillP Studios
2009-11-06 19:28:14 ----D---- C:\Program Files\Windows Portable Devices
2009-11-06 19:12:59 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-06 19:12:58 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-06 19:12:58 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-06 19:12:23 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\d2d1.dll
2009-11-06 19:12:22 ----A---- C:\Windows\system32\cdd.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-06 19:12:21 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\FntCache.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\dxgi.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-06 19:12:21 ----A---- C:\Windows\system32\DWrite.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d11.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-06 19:12:21 ----A---- C:\Windows\system32\d3d10.dll
2009-11-06 19:11:53 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-06 19:11:53 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-06 19:11:53 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-06 19:11:52 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-06 19:11:51 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-06 19:11:51 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-06 19:11:50 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-06 19:11:49 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-06 19:11:49 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-06 19:11:49 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-06 19:11:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-06 19:11:48 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-06 19:11:48 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-06 19:11:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-06 19:11:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-06 19:10:36 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-06 19:10:36 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-06 19:10:36 ----A---- C:\Windows\system32\oleacc.dll
2009-11-06 19:09:40 ----A---- C:\Windows\system32\gpprefcl.dll
2009-11-06 19:09:33 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-06 14:11:03 ----D---- C:\Users\Bella\AppData\Roaming\Malwarebytes
2009-11-06 14:10:58 ----D---- C:\ProgramData\Malwarebytes
2009-11-06 14:10:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 13:26:18 ----D---- C:\ProgramData\Lavasoft
2009-11-06 13:26:18 ----D---- C:\Program Files\Lavasoft
2009-11-06 13:26:00 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-06 09:19:08 ----D---- C:\ProgramData\WindowsSearch
2009-11-06 09:02:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-06 09:02:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-06 08:16:11 ----HD---- C:\$AVG
2009-11-06 08:15:59 ----A---- C:\Windows\system32\avgrsstx.dll
2009-11-06 08:15:37 ----D---- C:\ProgramData\AVG Security Toolbar
2009-11-06 08:11:50 ----D---- C:\Program Files\AVG
2009-11-06 08:11:36 ----D---- C:\ProgramData\avg9
2009-11-06 07:37:41 ----SHD---- C:\ProgramData\a81897b
2009-11-04 00:22:22 ----A---- C:\Windows\system32\mshtml.dll
2009-11-03 01:44:30 ----D---- C:\ProgramData\McAfee
2009-11-01 01:44:29 ----D---- C:\ProgramData\McAfee Security Scan
2009-11-01 01:39:41 ----D---- C:\Windows\system32\WindowsPowerShell
2009-11-01 01:33:00 ----D---- C:\Program Files\Microsoft ATS
2009-10-27 20:22:19 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 20:22:17 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 20:22:16 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-22 21:50:05 ----D---- C:\Program Files\iPod
2009-10-22 21:50:02 ----D---- C:\Program Files\iTunes
2009-10-20 16:06:55 ----A---- C:\Windows\system32\wups2.dll
2009-10-20 16:06:55 ----A---- C:\Windows\system32\wucltux.dll
2009-10-20 16:06:55 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-20 16:06:55 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-20 16:06:14 ----A---- C:\Windows\system32\wups.dll
2009-10-20 16:06:14 ----A---- C:\Windows\system32\wudriver.dll
2009-10-20 16:06:14 ----A---- C:\Windows\system32\wuapi.dll
2009-10-20 16:06:02 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-20 16:06:02 ----A---- C:\Windows\system32\wuapp.exe
2009-10-16 02:03:41 ----D---- C:\Windows\SQL9_KB970892_ENU
2009-10-16 00:58:57 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-10-15 13:55:56 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-15 13:55:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-15 13:55:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-15 13:52:48 ----A---- C:\Windows\system32\urlmon.dll
2009-10-15 13:52:48 ----A---- C:\Windows\system32\iertutil.dll
2009-10-15 13:52:48 ----A---- C:\Windows\system32\ieframe.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\wininet.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\occache.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-15 13:52:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-15 13:52:47 ----A---- C:\Windows\system32\ieui.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\iesetup.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\iernonce.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\iepeers.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-15 13:52:47 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-15 13:50:05 ----A---- C:\Windows\system32\msasn1.dll
2009-10-15 13:50:03 ----A---- C:\Windows\system32\WMSPDMOD.DLL
======List of files/folders modified in the last 1 months======
2009-11-06 22:48:24 ----RD---- C:\Program Files
2009-11-06 22:48:22 ----D---- C:\Windows\Temp
2009-11-06 22:45:04 ----D---- C:\Windows
2009-11-06 22:37:11 ----D---- C:\Windows\System32
2009-11-06 22:37:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-06 22:37:10 ----D---- C:\Windows\inf
2009-11-06 22:32:37 ----D---- C:\Windows\Tasks
2009-11-06 22:29:49 ----D---- C:\Program Files\Google
2009-11-06 21:25:28 ----SHD---- C:\Windows\Installer
2009-11-06 21:25:28 ----HD---- C:\Config.Msi
2009-11-06 21:25:27 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-06 21:25:01 ----SHD---- C:\System Volume Information
2009-11-06 19:55:37 ----D---- C:\Windows\rescache
2009-11-06 19:37:39 ----D---- C:\Windows\system32\Tasks
2009-11-06 19:28:16 ----D---- C:\Windows\system32\en-US
2009-11-06 19:28:14 ----D---- C:\Windows\system32\wbem
2009-11-06 19:28:14 ----D---- C:\Windows\system32\drivers
2009-11-06 19:28:12 ----D---- C:\Windows\system32\zh-TW
2009-11-06 19:28:12 ----D---- C:\Windows\system32\zh-HK
2009-11-06 19:28:12 ----D---- C:\Windows\system32\uk-UA
2009-11-06 19:28:12 ----D---- C:\Windows\system32\tr-TR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\th-TH
2009-11-06 19:28:12 ----D---- C:\Windows\system32\sv-SE
2009-11-06 19:28:12 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-06 19:28:12 ----D---- C:\Windows\system32\sl-SI
2009-11-06 19:28:12 ----D---- C:\Windows\system32\sk-SK
2009-11-06 19:28:12 ----D---- C:\Windows\system32\pt-PT
2009-11-06 19:28:12 ----D---- C:\Windows\system32\pt-BR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\pl-PL
2009-11-06 19:28:12 ----D---- C:\Windows\system32\nl-NL
2009-11-06 19:28:12 ----D---- C:\Windows\system32\lv-LV
2009-11-06 19:28:12 ----D---- C:\Windows\system32\lt-LT
2009-11-06 19:28:12 ----D---- C:\Windows\system32\ko-KR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\it-IT
2009-11-06 19:28:12 ----D---- C:\Windows\system32\hu-HU
2009-11-06 19:28:12 ----D---- C:\Windows\system32\hr-HR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\he-IL
2009-11-06 19:28:12 ----D---- C:\Windows\system32\fr-FR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\fi-FI
2009-11-06 19:28:12 ----D---- C:\Windows\system32\et-EE
2009-11-06 19:28:12 ----D---- C:\Windows\system32\es-ES
2009-11-06 19:28:12 ----D---- C:\Windows\system32\el-GR
2009-11-06 19:28:12 ----D---- C:\Windows\system32\de-DE
2009-11-06 19:28:12 ----D---- C:\Windows\system32\cs-CZ
2009-11-06 19:28:12 ----D---- C:\Windows\system32\bg-BG
2009-11-06 19:28:11 ----D---- C:\Windows\system32\zh-CN
2009-11-06 19:28:11 ----D---- C:\Windows\system32\ru-RU
2009-11-06 19:28:11 ----D---- C:\Windows\system32\ro-RO
2009-11-06 19:28:11 ----D---- C:\Windows\system32\nb-NO
2009-11-06 19:28:11 ----D---- C:\Windows\system32\ja-JP
2009-11-06 19:28:11 ----D---- C:\Windows\system32\da-DK
2009-11-06 19:28:11 ----D---- C:\Windows\system32\ar-SA
2009-11-06 19:13:24 ----D---- C:\Windows\system32\catroot
2009-11-06 19:13:10 ----D---- C:\Windows\winsxs
2009-11-06 19:12:11 ----D---- C:\Windows\system32\catroot2
2009-11-06 18:18:13 ----D---- C:\Program Files\Mozilla Firefox
2009-11-06 17:52:02 ----D---- C:\Windows\system32\appmgmt
2009-11-06 17:36:16 ----D---- C:\Program Files\Coupons
2009-11-06 17:24:32 ----D---- C:\Windows\Prefetch
2009-11-06 17:20:56 ----SD---- C:\Users\Bella\AppData\Roaming\Microsoft
2009-11-06 14:58:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-06 14:19:07 ----HD---- C:\ProgramData
2009-11-06 13:41:00 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-01 01:48:02 ----D---- C:\Users\Bella\AppData\Roaming\Move Networks
2009-11-01 01:41:52 ----D---- C:\Windows\AppPatch
2009-11-01 01:41:03 ----D---- C:\Windows\Microsoft.NET
2009-11-01 01:33:53 ----SD---- C:\Windows\Downloaded Program Files
2009-10-31 21:46:45 ----D---- C:\Users\Bella\AppData\Roaming\Apple Computer
2009-10-28 21:10:37 ----D---- C:\Program Files\Internet Explorer
2009-10-28 21:10:35 ----D---- C:\Program Files\Windows Media Player
2009-10-22 21:50:04 ----D---- C:\Program Files\Common Files\Apple
2009-10-22 21:50:02 ----D---- C:\ProgramData\Apple Computer
2009-10-20 16:09:11 ----D---- C:\Windows\PolicyDefinitions
2009-10-16 03:30:37 ----RSD---- C:\Windows\assembly
2009-10-16 03:17:48 ----D---- C:\Windows\system32\migration
2009-10-16 03:17:48 ----D---- C:\Windows\ehome
2009-10-16 03:17:48 ----D---- C:\Program Files\Windows Mail
2009-10-16 02:07:59 ----D---- C:\ProgramData\Microsoft Help
2009-10-16 02:05:39 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-16 00:57:41 ----D---- C:\Program Files\Common Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-11-06 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-11-06 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-11-06 28424]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-11-06 360584]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-10 351744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-06-23 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-06-23 8704]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
R3 AVGIDSDrivervtx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2009-11-06 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2009-11-06 30216]
R3 AVGIDSShimvtx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2009-11-06 27800]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-07-03 18424]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-07-03 1207288]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft AC Adapter Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-06-23 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-06-23 208384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-05 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-05 111616]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-03 7424]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-06-23 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-05-02 49904]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-01 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-06 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-11-06 2321720]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-11-06 5832712]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-06 1179232]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller; C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2008-02-05 228480]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2009-07-16 24576]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-07-03 24064]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-06-23 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-05 651720]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-07-04 164600]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-10-28 16680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 MSSQL$NR2007;SQL Server (NR2007); c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2008-08-08 61440]
S3 QuickBooksDB19;QuickBooksDB19; C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe [2008-07-09 131072]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-10 918528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
-----------------EOF-----------------
======================================END OF RSIT LOG =====================================
chewyhelp
Joined: 07 Nov 2009 Posts: 7
|
Posted: Sat Nov 07, 2009 3:05 am Post subject: info not previously included |
In my search to fix things on my own I went to the Microsoft website & downloaded all the updates they suggested.
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 11890 Location: Upstate, NY
Posted: Sat Nov 07, 2009 15:24 pm Post subject: |
Hi, chewyhelp. Welcome to Freedomlist.
I will do my best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let me know.
Please download JavaRa and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 17.
Download Link: Java SE Runtime Environment 6u17
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 . Save it to your Desktop.
Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
- Shutdown/restart the computer.
As you already have MBAM installed, I would like to see a scan with MBAM:
- Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates"
- Once the update has been installed and the program has loaded, select Quick scan
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file in your next reply.
You did not allow RSIT to install HijackThis. Please install it now and include that log with the MBAM log in your next reply. Download HijackThis© from one of the following sites:
Note: If you have used any anti-spyware applications, please shutdown/restart the computer before scanning with HijackThis©.
At the download prompt, choose "Save" - Navigate to the saved file and double-click the installer, HJTsetup.exe
- By default, HijackThis© will be installed on your computer at C:\Program Files\Trend Micro\HijackThis, making an entry in the Start menu and also providing a Desktop shortcut
- When the installation is complete, double-click the HijackThis icon on your desktop
- Select "Do a system scan and save the Logfile"
- When the scan is completed, Notepad will launch with the log. Please UNcheck Word Wrap in Notepad (Click Format > UNcheck Word Wrap)
- Do not fix anything that you see in the log. (Scanning will not make any changes to your computer. Most of what is found is harmless or even required.)
- Copy/Paste the log as a reply (Select Edit > Select All > Edit Copy)
- Close HijackThis and Notepad
_________________
Take a walk through my Security Garden
chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Sun Nov 08, 2009 21:30 pm Post subject: |
Hi Corrine,
Thank you so much for your help. Here are the logs you requested...
************************ BEGIN OF MBAM ***********************
Malwarebytes' Anti-Malware 1.41
Database version: 3130
Windows 6.0.6002 Service Pack 2
11/8/2009 6:07:53 PM
mbam-log-2009-11-08 (18-07-20) POST IN REPLY
Scan type: Quick Scan
Objects scanned: 106992
Time elapsed: 6 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Bella\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> No action taken.
************************ END OF MBAM ***********************
============= BEGIN OF HIJACK =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:21 PM, on 11/8/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Netgear Update Assistant\LANUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Bella\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Bella\AppData\Local\Temp\low\COUPON~1.DLL (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/48.13/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 17662 bytes
=================== END OF HIJACK ==================
If you need more information to diagnose my problem, please let me know. Once again, thank you so much for your help.
Julie
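Reading a HijackThis log by eye, as the helper in this thread does over several passes, is slow and easy to get wrong. What follows is an added example, not code from the original thread, from HijackThis or from Malwarebytes: a small Python triage script that walks HJT-style lines and flags the indicators a reviewer checks first (an entry whose file is missing, code loaded from a Temp folder, an entry with no name, an AppInit_DLLs hook, a service with no recognised publisher). The embedded sample lines are a constructed subset copied from the log posted above; the regexes, the flag wording and the scoring are assumptions of this example. A flag is a reason to look, not a verdict: on this machine the AVG AppInit DLL and the Dell WLAN tray service are both legitimate. The second function pulls out MBAM detections still recorded as "No action taken", which is how the posted MBAM log lists COUPON~1.DLL; that wording means the log was saved before Remove Selected ran (or the item was never removed), so a reviewer should ask for the post-removal log rather than assume the file is gone.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in the thread above.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Bella\AppData\Local\Temp\low\COUPON~1.DLL (file missing)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
"""

# Constructed sample: the result section of the MBAM log posted above.
SAMPLE_MBAM = r"""
Files Infected:
C:\Users\Bella\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> No action taken.
"""

ENTRY_RE = re.compile(r"^([ROF]\d+) - ")                       # HJT section tag: O2, O23, R1 ...
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)               # anything loaded from a Temp folder


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage_hjt(log_text):
    """Return the HJT entries worth a second look, each with the reasons it was flagged.

    The rules below are heuristics (assumptions of this example), not verdicts: a
    flagged line is a prompt for a human to check the path and publisher.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # headers, process list, blank lines
        section = m.group(1)
        reasons = []
        if MISSING_RE.search(line):
            reasons.append("points at a file that is no longer on disk (orphaned entry)")
        if TEMP_RE.search(line):
            reasons.append("loads code from a Temp directory")
        if "(no name)" in line:
            reasons.append("has no display name")
        if section == "O20" and "AppInit_DLLs" in line:
            reasons.append("AppInit_DLLs: each listed DLL is injected into every process that loads user32.dll")
        if section == "O23" and "Unknown owner" in line:
            reasons.append("service binary carries no recognised publisher")
        if reasons:
            findings.append(Finding(section, line, reasons))
    # Most reasons first, so an entry that combines Temp + missing file rises to the top.
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


def mbam_unresolved(log_text):
    """Return MBAM detections the log still records as 'No action taken'."""
    return [l.strip() for l in log_text.splitlines()
            if l.strip().endswith("-> No action taken.")]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
    for entry in mbam_unresolved(SAMPLE_MBAM):
        print("MBAM detection not yet removed:", entry)
```

Run against the full log instead of the embedded sample by reading the saved hijackthis.log into `triage_hjt`. The ordering matters in practice: the COUPON~1.DLL BHO is the only entry that is both loaded from the user's Temp folder and already missing, which is exactly the profile of a dropped component that a cleaner removed while its registration stayed behind.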
Corrine
 Administrator Joined: 18 Jan 2001 Posts: 11890 Location: Upstate, NY
Posted: Mon Nov 09, 2009 18:06 pm Post subject: |
Hi, Julie.
The expression, "the third time's a charm" applies in this case. It was the third review of your logs where I spotted a file from the WindowsPC Defender rogue. Let's make sure there isn't anything else hidden away.
Please follow these instructions carefully.
Download ComboFix from one of the following locations:
Link 1
Link 2
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. (Note: If you use AVG, you must also open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
- Click on Tools.
- Select Advanced Settings.
- In the left hand pane, scroll down to "Resident Shield".
- In the main pane, deselect the option to "Enable Resident Shield."
- To re-enable AVG 8, please select "Enable Resident Shield" again.)
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
_________________
Take a walk through my Security Garden
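The helper above is reading the ComboFix log for files that do not belong on the machine. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script for the "Files Created" section of such a log. It parses the line layout ComboFix prints (created time, modified time, size or dashes, an eight-character attribute column, path) and applies three flagging rules that are this example's own assumptions rather than anything ComboFix does: hidden+system objects under ProgramData or AppData, binary-named files in the Recent folder (which should hold only .lnk shortcuts), and tiny files dropped directly in AppData\Local; because the log lists newest entries first, a second pass also reports anything living under an already-flagged directory. The reading of the attribute column (d directory, s system, h hidden) is likewise an assumption. The sample lines are constructed from entries that appear in the log posted later in this thread, with a few benign ones included to show what the rules leave alone.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Added triage helper for the "Files Created" section of a ComboFix log.
# Example code, not part of ComboFix. The reading of the attribute column
# (d = directory, s = system, h = hidden) and the flagging rules below are
# this example's assumptions.

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Constructed sample, adapted from entries in the log posted in this thread.
SAMPLE_LOG = r"""
2009-11-06 22:10 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 21:26 . 2009-11-06 21:27 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-06 15:41 . 2009-11-06 15:41 0 ----a-w- c:\users\Bella\AppData\Local\Ewobofivutamux.bin
2009-11-06 15:39 . 2009-11-06 15:39 3 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2009-11-06 15:38 . 2009-11-06 08:15 722392 ----a-w- c:\programdata\a81897b\mozcrt19.dll
2009-11-06 15:37 . 2009-11-06 22:19 -------- d-sh--w- c:\programdata\a81897b
2009-08-17 05:06 . 2008-11-06 03:21 6648 ----a-w- c:\users\Bella\AppData\Local\d3d9caps.dat
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None where ComboFix prints dashes (directories)
    attrs: str
    path: str             # lower-cased so matching is case-insensitive

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Parse 'Files Created' lines; headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"].lower(), m["path"].lower()))
    return entries


BINARY_EXT = (".exe", ".dll", ".sys", ".drv")
TINY_BYTES = 256


def flag(e: Entry) -> List[str]:
    """Per-entry rules (assumptions of this example, see the header comment)."""
    p, parts, reasons = e.path, e.path.split("\\"), []
    if e.hidden_system and ("\\programdata\\" in p or "\\appdata\\" in p):
        reasons.append("hidden+system object in a user-writable data directory")
    if "\\recent\\" in p and p.endswith(BINARY_EXT):
        reasons.append("binary-named file in Recent, which should hold only .lnk shortcuts")
    if (not e.is_dir and e.size is not None and e.size <= TINY_BYTES
            and len(parts) >= 3 and parts[-3:-1] == ["appdata", "local"]):
        reasons.append("tiny file dropped directly in AppData\\Local")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path to its list of reasons, in log order."""
    entries = parse_files_created(text)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = flag(e)
        if reasons:
            findings[e.path] = reasons
    # Second pass: the log is newest-first, so a dropped file can precede its
    # parent directory; anything under a flagged directory inherits suspicion.
    flagged_dirs = [e.path for e in entries if e.is_dir and e.path in findings]
    for e in entries:
        for d in flagged_dirs:
            if e.path.startswith(d + "\\"):
                findings.setdefault(e.path, []).append("inside flagged directory " + d)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

Run against the sample, the script reports the hidden+system a81897b directory and the DLL inside it, the zero-byte random-named .bin under AppData\Local and the three-byte "kernel32.dll" in Recent, while leaving the Malwarebytes driver, the merely-hidden installer cache directory and the larger d3d9caps.dat alone. The rules are deliberately narrow; they are a starting point for reading a log, not a verdict.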
chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Mon Nov 09, 2009 20:04 pm Post subject:
Hi Corrine,
Thank you so much for all your help! I had difficulties turning off/disabling all the spyware/malware/antivirus programs. I ended up uninstalling Spybot Search & Destroy. On AVG I disabled the Resident Shield, but while running ComboFix, AVG Identity Protection things kept popping up. WinPatrol also popped up once.
Here's the log from the ComboFix scan. The computer never rebooted itself after the scan...
ComboFix 09-11-08.03 - Bella 11/09/2009 16:32.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.1994 [GMT -8:00]
Running from: c:\users\Bella\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1188092344-3365634342-1950963333-500
c:\$recycle.bin\S-1-5-21-2213779461-1784714120-1713851861-500
c:\users\Bella\AppData\Local\{64150455-1BE1-401E-B9D2-B0AB349164E0}
c:\users\Bella\AppData\Local\{64150455-1BE1-401E-B9D2-B0AB349164E0}\chrome.manifest
c:\users\Bella\AppData\Local\{64150455-1BE1-401E-B9D2-B0AB349164E0}\chrome\content\_cfg.js
c:\users\Bella\AppData\Local\{64150455-1BE1-401E-B9D2-B0AB349164E0}\chrome\content\overlay.xul
c:\users\Bella\AppData\Local\{64150455-1BE1-401E-B9D2-B0AB349164E0}\install.rdf
c:\windows\system32\bszip.dll
c:\windows\system32\oem8.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.
2009-11-10 00:44 . 2009-11-10 00:51 -------- d-----w- c:\users\Bella\AppData\Local\temp
2009-11-10 00:44 . 2009-11-10 00:44 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2009-11-10 00:44 . 2009-11-10 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-09 23:55 . 2009-11-09 23:55 -------- d-----w- c:\users\Bella\AppData\Roaming\AVG9
2009-11-09 22:46 . 2009-11-06 16:15 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2009-11-09 22:44 . 2009-11-06 16:14 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2009-11-09 22:44 . 2009-11-06 16:14 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-09 02:15 . 2009-11-09 04:22 -------- d-----w- c:\users\Bella\AppData\Local\Adobe
2009-11-09 01:45 . 2009-11-09 01:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 01:39 . 2009-11-09 01:45 4096 d-----w- c:\users\Bella\.SunDownloadManager
2009-11-07 06:48 . 2009-11-07 06:48 -------- d-----w- C:\rsit
2009-11-07 06:48 . 2009-11-07 06:48 -------- d-----w- c:\program files\trend micro
2009-11-07 06:42 . 2009-11-07 06:43 4096 d-----w- c:\program files\ERUNT
2009-11-07 05:38 . 2009-11-07 05:38 -------- d-----w- c:\users\Bella\AppData\Roaming\WinPatrol
2009-11-07 05:38 . 2006-09-18 21:43 10 ----a-w- c:\users\Bella\AppData\Roaming\WinPatrol\Config.sys
2009-11-07 05:38 . 2006-09-18 21:43 24 ----a-w- c:\users\Bella\AppData\Roaming\WinPatrol\Autoexec.bat
2009-11-07 05:36 . 2009-11-07 05:36 -------- d-----w- c:\program files\BillP Studios
2009-11-07 03:28 . 2009-11-07 03:28 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-07 03:11 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-07 03:10 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-07 03:10 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-07 03:10 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-07 03:09 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2009-11-07 03:09 . 2009-11-07 03:30 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-06 22:23 . 2009-11-06 21:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-06 22:11 . 2009-11-06 22:11 -------- d-----w- c:\users\Bella\AppData\Roaming\Malwarebytes
2009-11-06 22:10 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:10 . 2009-11-06 22:10 -------- d-----w- c:\programdata\Malwarebytes
2009-11-06 22:10 . 2009-11-06 22:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 22:10 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 21:41 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-06 21:37 . 2009-11-06 21:37 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-06 21:37 . 2009-11-06 21:37 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-06 21:37 . 2009-11-06 21:37 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-06 21:37 . 2009-11-06 21:37 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-06 21:37 . 2009-11-06 21:37 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-06 21:36 . 2009-11-06 21:36 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-06 21:35 . 2009-11-06 21:36 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-06 21:35 . 2009-11-06 21:35 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-06 21:35 . 2009-11-06 21:35 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-06 21:35 . 2009-11-06 21:35 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-06 21:27 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-06 21:26 . 2009-11-06 21:41 -------- d-----w- c:\programdata\Lavasoft
2009-11-06 21:26 . 2009-11-06 21:26 -------- d-----w- c:\program files\Lavasoft
2009-11-06 21:26 . 2009-11-06 21:27 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-06 17:19 . 2009-11-06 17:19 -------- d-----w- c:\programdata\WindowsSearch
2009-11-06 17:02 . 2009-11-10 00:24 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-06 17:02 . 2009-11-10 00:22 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-06 16:27 . 2009-11-06 16:27 -------- d-----w- c:\users\Bella\AppData\Local\AVG Security Toolbar
2009-11-06 16:18 . 2009-10-16 20:13 1115392 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-11-06 16:16 . 2009-11-06 16:19 -------- d-----w- C:\$AVG
2009-11-06 16:15 . 2009-11-06 16:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-06 16:15 . 2009-11-09 22:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-06 16:15 . 2009-11-06 16:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-06 16:15 . 2009-11-06 16:15 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-06 16:15 . 2009-11-09 22:42 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-06 16:15 . 2009-11-07 05:42 4096 d-----w- c:\programdata\AVG Security Toolbar
2009-11-06 16:14 . 2009-11-06 16:14 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-06 16:14 . 2009-11-06 16:14 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-06 16:11 . 2009-11-06 16:11 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-06 16:11 . 2009-11-06 16:11 -------- d-----w- c:\program files\AVG
2009-11-06 16:11 . 2009-11-06 16:11 4096 d-----w- c:\programdata\avg9
2009-11-06 15:41 . 2009-11-06 15:41 0 ----a-w- c:\users\Bella\AppData\Local\Ewobofivutamux.bin
2009-11-06 15:41 . 2009-11-06 21:49 120 ----a-w- c:\users\Bella\AppData\Local\Jfuwipokidupap.dat
2009-11-06 15:39 . 2009-11-06 15:39 6 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
2009-11-06 15:39 . 2009-11-06 15:39 26 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
2009-11-06 15:39 . 2009-11-06 15:39 23 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
2009-11-06 15:39 . 2009-11-06 15:39 17 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
2009-11-06 15:39 . 2009-11-06 15:39 13 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
2009-11-06 15:39 . 2009-11-06 15:39 75 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
2009-11-06 15:39 . 2009-11-06 15:39 61 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
2009-11-06 15:39 . 2009-11-06 15:39 4 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
2009-11-06 15:39 . 2009-11-06 15:39 15 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
2009-11-06 15:39 . 2009-11-06 15:39 3 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2009-11-06 15:38 . 2009-11-06 15:38 71 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
2009-11-06 15:38 . 2009-11-06 15:38 46 ----a-w- c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
2009-11-06 15:38 . 2009-11-06 08:15 722392 ----a-w- c:\programdata\a81897b\mozcrt19.dll
2009-11-06 15:38 . 2009-11-06 08:15 457688 ----a-w- c:\programdata\a81897b\sqlite3.dll
2009-11-06 15:37 . 2009-11-06 22:19 -------- d-sh--w- c:\programdata\a81897b
2009-11-03 09:44 . 2009-11-03 09:44 -------- d-----w- c:\programdata\McAfee
2009-11-01 09:44 . 2009-11-01 09:44 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-01 09:41 . 2009-11-01 09:41 -------- d-----w- c:\users\Bella\AppData\Local\ElevatedDiagnostics
2009-11-01 09:33 . 2009-11-01 09:33 -------- d-----w- c:\program files\Microsoft ATS
2009-11-01 04:39 . 2009-11-01 09:48 127872 ----a-w- c:\users\Bella\AppData\Roaming\Move Networks\uninstall.exe
2009-10-28 04:22 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 04:22 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-23 05:50 . 2009-10-23 05:50 -------- d-----w- c:\program files\iPod
2009-10-23 05:50 . 2009-10-23 05:50 4096 d-----w- c:\program files\iTunes
2009-10-23 05:44 . 2009-10-23 05:44 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-21 00:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 00:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 00:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 00:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 00:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 00:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 00:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 00:06 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 00:06 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 10:03 . 2009-10-16 10:03 8192 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-16 08:58 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-15 21:55 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 21:55 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 21:55 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 21:50 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 21:50 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 21:50 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 23:59 . 2009-10-13 23:59 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 00:23 . 2008-10-28 04:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-09 03:13 . 2009-07-27 04:07 4096 d-----w- c:\program files\Coupons
2009-11-09 01:44 . 2008-10-28 09:22 4096 d-----w- c:\program files\Java
2009-11-08 10:37 . 2008-10-28 09:43 4096 d-----w- c:\program files\Google
2009-11-07 03:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-07 03:27 . 2009-11-07 03:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-07 03:27 . 2009-11-07 03:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 22:58 . 2008-10-28 09:24 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 22:23 . 2009-11-06 21:40 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-11-01 09:48 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Bella\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-01 09:48 . 2009-01-17 18:58 4096 d-----w- c:\users\Bella\AppData\Roaming\Move Networks
2009-11-01 05:46 . 2009-09-15 21:58 -------- d-----w- c:\users\Bella\AppData\Roaming\Apple Computer
2009-10-23 05:50 . 2009-09-15 21:53 -------- d-----w- c:\program files\Common Files\Apple
2009-10-23 05:50 . 2009-09-15 21:56 -------- d-----w- c:\programdata\Apple Computer
2009-10-16 11:17 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-16 10:07 . 2008-10-28 09:40 8192 d-----w- c:\programdata\Microsoft Help
2009-10-16 10:05 . 2008-10-28 09:58 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-16 08:57 . 2008-10-28 09:38 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-01 17:29 . 2009-10-02 20:30 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02 . 2009-11-07 03:11 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-07 03:11 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-07 03:11 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-07 03:11 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-07 03:11 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-07 03:11 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-07 03:11 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-07 03:11 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-07 03:11 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-07 03:11 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-07 03:11 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-07 03:11 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-07 03:11 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-07 03:11 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-07 03:11 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-07 03:12 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-07 03:12 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-07 03:12 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-07 03:12 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-07 03:12 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-07 03:12 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-07 03:12 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-07 03:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-07 03:12 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-07 03:12 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-07 03:12 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-07 03:12 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-07 03:12 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-07 03:12 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-07 03:12 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-07 03:12 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-07 03:12 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-07 03:12 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-07 03:12 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-07 03:12 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-07 03:12 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-07 03:12 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-07 03:12 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-07 03:12 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-07 03:12 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-07 03:12 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-07 03:12 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 07:06 . 2009-01-24 07:54 195848 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-09-23 07:06 . 2009-01-24 07:54 1010440 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-09-22 07:58 . 2009-01-19 22:56 11422 ----a-w- c:\programdata\Intuit\QuickBooks 2009\qbbackup.sys
2009-09-22 03:49 . 2008-12-13 03:34 4096 d-----w- c:\programdata\Intuit
2009-09-15 21:58 . 2009-09-15 21:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 21:56 . 2009-09-15 21:56 -------- d-----w- c:\program files\Bonjour
2009-09-15 21:55 . 2009-09-15 21:55 4096 d-----w- c:\program files\Apple Software Update
2009-09-15 21:53 . 2009-09-15 21:53 -------- d-----w- c:\programdata\Apple
2009-09-10 02:01 . 2009-11-07 03:12 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-11-07 03:12 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-11-07 03:12 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-08-29 00:27 . 2009-09-03 00:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 00:36 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 21:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 21:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 21:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 21:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-20 06:50 . 2008-04-07 13:38 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 05:06 . 2008-11-06 03:21 6648 ----a-w- c:\users\Bella\AppData\Local\d3d9caps.dat
2009-08-14 16:27 . 2009-09-09 04:30 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 04:30 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 04:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 04:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 04:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 04:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 04:30 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 04:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 04:30 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 04:30 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 04:30 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-13 03:55 . 2009-08-13 03:55 787760 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-08-13 03:55 . 2009-08-13 03:55 763184 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-08-13 03:55 . 2009-08-13 03:55 570672 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-08-13 03:55 . 2009-08-13 03:55 496944 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-08-13 03:55 . 2009-08-13 03:55 423216 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-08-13 03:55 . 2009-08-13 03:55 296240 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-08-13 03:55 . 2009-08-13 03:55 263472 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-08-13 03:55 . 2009-08-13 03:55 1152304 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2005-01-07 22:20 . 2005-01-07 22:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 22:20 . 2005-01-07 22:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2008-10-28 09:31 . 2008-10-28 09:31 76 --sh--r- c:\windows\CT4CET.bin
2008-10-28 11:47 . 2008-10-28 11:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-26 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-09 2016536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-09 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-28 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-6 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-28 09:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,64,37,75,6c,fa,c9,01
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [11/6/2009 8:14 AM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [11/6/2009 8:14 AM 161800]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/6/2009 1:41 PM 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [11/6/2009 8:11 AM 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/6/2009 8:15 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/6/2009 8:15 AM 360584]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/27/2008 8:07 PM 73728]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/6/2009 8:14 AM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/9/2009 2:45 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/6/2009 8:14 AM 5832712]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 11:09 AM 161048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 3:17 AM 1179232]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2/5/2008 1:03 PM 228480]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [11/6/2009 8:14 AM 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [11/6/2009 8:14 AM 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [11/6/2009 8:14 AM 27800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [10/28/2008 4:00 AM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/28/2008 4:00 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [10/28/2008 4:00 AM 7424]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:21 PM 21504]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.11/uploader2.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\jaohysst.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Bella\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 16:51
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-10 16:54
ComboFix-quarantined-files.txt 2009-11-10 00:54
Pre-Run: 213,019,865,088 bytes free
Post-Run: 212,938,055,680 bytes free
- - End Of File - - 638A50357535BCBAD1B55A71F85040E7
Corrine
Administrator Joined: 18 Jan 2001 Posts: 11890 Location: Upstate, NY
Posted: Mon Nov 09, 2009 21:44 pm Post subject:
I need to research a couple items and have an appointment tomorrow. In the meantime, as you installed AVG was this because McAfee was expired? If so, I suggest you run the McAfee Removal Tool from here: http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS100507. Otherwise, uninstall AVG.
As you've already begun removing the extra software you installed in an attempt to solve this problem, you can remove Ad-Aware as well if you wish since you have Windows Defender, WinPatrol and Malwarebytes' Anti-malware (which I think is the best anti-malware program currently available).
I would like you to do an on-line scan. Please establish an internet connection and perform an on-line scan with Internet Explorer at Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Note:
- This scan is best done from IE (Internet Explorer)
- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
- Read the Requirements and limitations before you click Accept.
- Once the database has downloaded, click My Computer in the left pane
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Note: To optimize scanning time and produce a more sensible report for review:
- Close any open programs.
- Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
=====================
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
=====================
Logs Required
Kaspersky Scan Log
HijackThis Log
_________________
Take a walk through my Security Garden
chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Wed Nov 11, 2009 7:35 am Post subject:
Here are the scans....
Is it better now? LOL My poor computer
Thank you for your help & patience in helping me resolve this :)
--------------- KASPERSKY SCAN --------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, November 11, 2009
Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, November 11, 2009 06:41:19
Records in database: 3190688
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 191569
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:45:45
No threats found. Scanned area is clean.
Selected area has been scanned.
----------------------- END OF KASPERSKY SCAN ---------------------------
--------------------------------- HIJACK THIS SCAN -------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:24 AM, on 11/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Netgear Update Assistant\LANUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Bella\Desktop\Computer Virus Stuff Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/48.13/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 15772 bytes
------------------------------------------- END OF HIJACK THIS FILE -----------------------------------------
Corrine
Administrator Joined: 18 Jan 2001 Posts: 11890 Location: Upstate, NY
Posted: Thu Nov 12, 2009 18:05 pm Post subject:
Hi, Julie.
Sorry for the delay. Between appointments, I have finally had the opportunity to complete researching your logs. There is some cleanup left to do.
Custom CFScript
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
File::
c:\users\Bella\AppData\Local\Ewobofivutamux.bin
c:\users\Bella\AppData\Local\Jfuwipokidupap.dat
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\programdata\a81897b\mozcrt19.dll
c:\programdata\a81897b\sqlite3.dll
c:\programdata\a81897b
Registry::
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
As you have MBAM installed, let's see a fresh scan. It is critical that you update MBAM prior to scanning. You should get an engine update as well as definitions and will need to restart in order to complete the update. Please follow these instructions:
- Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates"
- Once the update has been installed and the program has loaded, select Quick scan
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
- Click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file in your next reply along with the ComboFix.
_________________
Take a walk through my Security Garden
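The two Registry:: lines in the CFScript above are the HijackThis entries whose target file no longer exists ("(no file)"). The script below is an added example, not code from this thread or from the HijackThis or ComboFix authors: it parses HijackThis v2 log lines, flags the "(no file)" / "(file missing)" orphans, and renders the ones worth acting on in the same Registry:: form the helper used. SAMPLE_LOG is constructed from lines in this thread, and the "likely_benign" hint for mscoree.dll is this example's own heuristic.

```python
import re

# Constructed sample in the HijackThis v2 log format used in this thread,
# including the two orphaned entries the CFScript above targets and one
# "(file missing)" report on mscoree.dll that the helper left alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\*?\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Split one HijackThis line into section, CLSID (if any) and target path."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    # O2/O3/O9/O18 and R3 entries read "<kind>: <name> - <clsid> - <path>";
    # R0/R1 entries are "<key>,<value> = <data>" and carry no path.
    parts = [p.strip() for p in body.split(" - ")]
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), None)
    path = parts[-1] if len(parts) > 1 else ""
    return {"section": section, "clsid": clsid, "path": path, "raw": line.strip()}


def is_orphan(entry):
    """True when HijackThis could not find the file the entry points at."""
    return any(entry["path"].endswith(marker) for marker in ORPHAN_MARKERS)


def find_orphans(log_text):
    """Return orphaned entries. The mscoree.dll case is marked separately:
    HijackThis reports it for .NET pluggable protocol handlers, and the
    helper in this thread did not include it in the fix (heuristic)."""
    orphans = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and is_orphan(entry):
            entry["likely_benign"] = entry["path"].lower().startswith("mscoree.dll")
            orphans.append(entry)
    return orphans


def registry_block(orphans):
    """Render the non-benign orphans as Registry:: lines in the CFScript
    form used in this thread: the HijackThis line with its path dropped."""
    lines = []
    for entry in orphans:
        if entry["likely_benign"]:
            continue
        lines.append(entry["raw"].rsplit(" - ", 1)[0] + " -")
    return lines


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG)
    for entry in found:
        tag = "benign?" if entry["likely_benign"] else "review"
        print(f"{tag:8} {entry['section']:4} {entry['clsid']}  {entry['path']}")
    print("Registry::")
    print("\n".join(registry_block(found)))
```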
chewyhelp
Joined: 07 Nov 2009 Posts: 7
Posted: Sun Nov 15, 2009 6:14 am Post subject:
Hi Corrine,
No apology needed!!! You're doing me a huge favor by helping me fix my computer. You must have hundreds of people asking for help in addition to your job... I'm just grateful that you've taken the time to help me. My brother who works at Google wouldn't even help me because he didn't have time, the only help he gave me was to come to this site.
So here are the logs....
------------------- BEGIN COMBO FIX --------------------------------
ComboFix 09-11-14.03 - Bella 11/14/2009 5:52.2.2 - FAT32x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3573.2135 [GMT -8:00]
Running from: c:\users\Bella\Desktop\Computer Virus Stuff Downloads\ComboFix.exe
Command switches used :: c:\users\Bella\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\a81897b"
"c:\programdata\a81897b\mozcrt19.dll"
"c:\programdata\a81897b\sqlite3.dll"
"c:\users\Bella\AppData\Local\Ewobofivutamux.bin"
"c:\users\Bella\AppData\Local\Jfuwipokidupap.dat"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.dll"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.drv"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.exe"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.sys"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\FS.sys"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\SM.sys"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll"
"c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\a81897b\mozcrt19.dll
c:\programdata\a81897b\sqlite3.dll
c:\users\Bella\AppData\Local\Ewobofivutamux.bin
c:\users\Bella\AppData\Local\Jfuwipokidupap.dat
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.
2009-11-14 14:03 . 2009-11-14 14:04 -------- d-----w- c:\users\Bella\AppData\Local\temp
2009-11-14 14:03 . 2009-11-14 14:03 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2009-11-14 14:03 . 2009-11-14 14:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-14 14:03 . 2009-11-14 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\iPod
2009-11-13 10:34 . 2009-11-13 10:35 4096 d-----w- c:\program files\iTunes
2009-11-13 10:32 . 2009-11-13 10:32 -------- d-----w- c:\users\Bella\AppData\Local\Apple Computer
2009-11-13 10:29 . 2009-11-13 10:30 4096 d-----w- c:\program files\QuickTime
2009-11-13 10:24 . 2009-11-13 10:24 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-13 10:18 . 2009-11-13 10:18 -------- d-----w- c:\users\Bella\AppData\Local\Apple
2009-11-12 17:05 . 2009-11-09 22:45 4026136 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-11-12 17:05 . 2009-11-09 22:45 2016536 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2009-11-12 17:05 . 2009-11-09 22:45 1257240 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2009-11-12 17:05 . 2009-11-09 22:45 3963672 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-12 17:05 . 2009-11-06 16:14 496920 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-12 17:05 . 2009-11-06 16:14 600344 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2009-11-11 11:02 . 2009-11-11 11:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-11 04:06 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 04:04 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 20:05 . 2009-11-10 20:05 -------- d-----w- c:\windows\Sun
2009-11-09 23:55 . 2009-11-09 23:55 -------- d-----w- c:\users\Bella\AppData\Roaming\AVG9
2009-11-09 22:46 . 2009-11-06 16:15 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2009-11-09 22:44 . 2009-11-06 16:14 610072 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2009-11-09 22:44 . 2009-11-06 16:14 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-09 02:15 . 2009-11-09 04:22 -------- d-----w- c:\users\Bella\AppData\Local\Adobe
2009-11-09 01:45 . 2009-11-09 01:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 01:39 . 2009-11-09 01:45 4096 d-----w- c:\users\Bella\.SunDownloadManager
2009-11-07 06:48 . 2009-11-07 06:48 -------- d-----w- C:\rsit
2009-11-07 06:48 . 2009-11-07 06:48 -------- d-----w- c:\program files\trend micro
2009-11-07 06:42 . 2009-11-07 06:43 4096 d-----w- c:\program files\ERUNT
2009-11-07 05:38 . 2009-11-07 05:38 -------- d-----w- c:\users\Bella\AppData\Roaming\WinPatrol
2009-11-07 05:38 . 2006-09-18 21:43 10 ----a-w- c:\users\Bella\AppData\Roaming\WinPatrol\Config.sys
2009-11-07 05:38 . 2006-09-18 21:43 24 ----a-w- c:\users\Bella\AppData\Roaming\WinPatrol\Autoexec.bat
2009-11-07 05:36 . 2009-11-07 05:36 -------- d-----w- c:\program files\BillP Studios
2009-11-07 03:28 . 2009-11-07 03:28 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-07 03:11 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-07 03:10 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-07 03:10 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-07 03:10 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-07 03:09 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2009-11-07 03:09 . 2009-11-07 03:30 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-06 22:23 . 2009-11-06 21:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-06 22:11 . 2009-11-06 22:11 -------- d-----w- c:\users\Bella\AppData\Roaming\Malwarebytes
2009-11-06 22:10 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 22:10 . 2009-11-06 22:10 -------- d-----w- c:\programdata\Malwarebytes
2009-11-06 22:10 . 2009-11-06 22:11 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-06 22:10 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 21:26 . 2009-11-10 19:30 -------- d-----w- c:\programdata\Lavasoft
2009-11-06 17:19 . 2009-11-06 17:19 -------- d-----w- c:\programdata\WindowsSearch
2009-11-06 17:02 . 2009-11-10 00:24 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-06 17:02 . 2009-11-10 00:22 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-06 16:27 . 2009-11-06 16:27 -------- d-----w- c:\users\Bella\AppData\Local\AVG Security Toolbar
2009-11-06 16:18 . 2009-10-16 20:13 1115392 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-11-06 16:16 . 2009-11-06 16:19 -------- d-----w- C:\$AVG
2009-11-06 16:15 . 2009-11-06 16:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-06 16:15 . 2009-11-09 22:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-06 16:15 . 2009-11-06 16:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-06 16:15 . 2009-11-06 16:15 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-06 16:15 . 2009-11-14 13:25 4096 d-----w- c:\windows\system32\drivers\Avg
2009-11-06 16:15 . 2009-11-07 05:42 4096 d-----w- c:\programdata\AVG Security Toolbar
2009-11-06 16:14 . 2009-11-06 16:14 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-06 16:14 . 2009-11-06 16:14 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-06 16:11 . 2009-11-06 16:11 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-06 16:11 . 2009-11-06 16:11 -------- d-----w- c:\program files\AVG
2009-11-06 16:11 . 2009-11-06 16:11 4096 d-----w- c:\programdata\avg9
2009-11-06 15:37 . 2009-11-14 14:02 -------- d-sh--w- c:\programdata\a81897b
2009-11-01 09:44 . 2009-11-01 09:44 -------- d-----w- c:\programdata\McAfee Security Scan
2009-11-01 09:41 . 2009-11-01 09:41 -------- d-----w- c:\users\Bella\AppData\Local\ElevatedDiagnostics
2009-11-01 09:33 . 2009-11-01 09:33 -------- d-----w- c:\program files\Microsoft ATS
2009-11-01 04:39 . 2009-11-01 09:48 127872 ----a-w- c:\users\Bella\AppData\Roaming\Move Networks\uninstall.exe
2009-10-28 04:22 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 04:22 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-21 00:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 00:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 00:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 00:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 00:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 00:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 00:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 00:06 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 00:06 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 10:03 . 2009-10-16 10:03 8192 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-16 08:58 . 2009-08-20 06:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-10-15 21:55 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 21:55 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 21:55 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 21:50 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 21:50 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 21:50 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 20:59 . 2008-10-28 04:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-13 10:34 . 2009-09-15 21:53 -------- d-----w- c:\program files\Common Files\Apple
2009-11-13 10:34 . 2009-09-15 21:56 -------- d-----w- c:\programdata\Apple Computer
2009-11-12 19:15 . 2009-08-26 04:59 4096 d-----w- c:\users\Bella\AppData\Roaming\HpUpdate
2009-11-12 07:38 . 2008-10-28 09:40 8192 d-----w- c:\programdata\Microsoft Help
2009-11-11 11:30 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-09 03:13 . 2009-07-27 04:07 4096 d-----w- c:\program files\Coupons
2009-11-09 01:44 . 2008-10-28 09:22 4096 d-----w- c:\program files\Java
2009-11-08 10:37 . 2008-10-28 09:43 4096 d-----w- c:\program files\Google
2009-11-07 03:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-07 03:27 . 2009-11-07 03:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-07 03:27 . 2009-11-07 03:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 22:58 . 2008-10-28 09:24 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-01 09:48 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Bella\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-01 09:48 . 2009-01-17 18:58 4096 d-----w- c:\users\Bella\AppData\Roaming\Move Networks
2009-11-01 05:46 . 2009-09-15 21:58 -------- d-----w- c:\users\Bella\AppData\Roaming\Apple Computer
2009-10-16 10:05 . 2008-10-28 09:58 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-16 08:57 . 2008-10-28 09:38 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-13 23:59 . 2009-10-13 23:59 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-01 17:29 . 2009-10-02 20:30 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02 . 2009-11-07 03:11 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-07 03:11 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-07 03:11 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-07 03:11 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-07 03:11 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-07 03:11 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-07 03:11 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-07 03:11 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-07 03:11 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-07 03:11 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-07 03:11 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-07 03:11 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-07 03:11 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-07 03:11 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-07 03:11 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-07 03:12 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-07 03:12 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-07 03:12 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-07 03:12 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-07 03:12 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-07 03:12 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-07 03:12 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-07 03:12 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-07 03:12 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-07 03:12 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-07 03:12 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-07 03:12 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-07 03:12 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-07 03:12 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-07 03:12 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-07 03:12 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-07 03:12 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-07 03:12 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-07 03:12 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-07 03:12 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-07 03:12 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-07 03:12 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-07 03:12 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-07 03:12 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-07 03:12 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-07 03:12 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-07 03:12 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 07:06 . 2009-01-24 07:54 195848 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-09-23 07:06 . 2009-01-24 07:54 1010440 ----a-w- c:\programdata\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-09-22 07:58 . 2009-01-19 22:56 11422 ----a-w- c:\programdata\Intuit\QuickBooks 2009\qbbackup.sys
2009-09-22 03:49 . 2008-12-13 03:34 4096 d-----w- c:\programdata\Intuit
2009-09-15 21:58 . 2009-09-15 21:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 21:56 . 2009-09-15 21:56 -------- d-----w- c:\program files\Bonjour
2009-09-15 21:55 . 2009-09-15 21:55 4096 d-----w- c:\program files\Apple Software Update
2009-09-15 21:53 . 2009-09-15 21:53 -------- d-----w- c:\programdata\Apple
2009-09-10 02:01 . 2009-11-07 03:12 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-11-07 03:12 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-11-07 03:12 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-08-29 00:27 . 2009-09-03 00:36 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 00:36 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 21:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 21:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 21:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 21:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-20 06:50 . 2008-04-07 13:38 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 05:06 . 2008-11-06 03:21 6648 ----a-w- c:\users\Bella\AppData\Local\d3d9caps.dat
2005-01-07 22:20 . 2005-01-07 22:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 22:20 . 2005-01-07 22:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2008-10-28 09:31 . 2008-10-28 09:31 76 --sh--r- c:\windows\CT4CET.bin
2008-10-28 11:47 . 2008-10-28 11:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-11-10_00.51.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-02 15:36 . 2009-11-03 10:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2009-07-02 15:36 . 2009-11-11 02:48 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2008-11-05 03:36 . 2009-11-13 21:01 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-05 03:36 . 2009-11-10 00:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-02 15:36 . 2009-11-03 10:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2009-07-02 15:36 . 2009-11-11 02:48 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2008-11-05 03:36 . 2009-11-10 00:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-05 03:36 . 2009-11-13 21:01 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-02 15:36 . 2009-11-03 10:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2009-07-02 15:36 . 2009-11-11 02:48 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2008-11-05 03:36 . 2009-11-13 21:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-05 03:36 . 2009-11-10 00:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-11 11:02 . 2009-11-12 07:37 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2008-12-19 06:51 . 2009-11-13 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-19 06:51 . 2009-08-06 07:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-19 06:51 . 2009-11-13 21:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-19 06:51 . 2009-08-08 22:34 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-19 06:51 . 2009-11-13 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-19 06:51 . 2009-08-06 07:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-28 09:43 . 2009-11-12 07:38 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-08 23:50 . 2008-12-08 23:50 54576 c:\windows\Installer\$\Managed\3950CD476CB61004DAF58D01FA6BD868\5.2.2\hpwuschd2.exe
+ 2009-11-13 20:57 . 2009-11-13 20:57 9560 c:\windows\System32\networklist\icons\{C34A6048-F1B0-4094-AAE4-12DB5A0B4D15}_48.bin
+ 2009-11-13 20:57 . 2009-11-13 20:57 4280 c:\windows\System32\networklist\icons\{C34A6048-F1B0-4094-AAE4-12DB5A0B4D15}_32.bin
+ 2009-11-13 20:57 . 2009-11-13 20:57 2456 c:\windows\System32\networklist\icons\{C34A6048-F1B0-4094-AAE4-12DB5A0B4D15}_24.bin
- 2009-11-10 00:24 . 2009-11-10 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-13 21:00 . 2009-11-13 21:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-10 00:24 . 2009-11-10 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-13 21:00 . 2009-11-13 21:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-11 04:04 . 2009-08-10 12:39 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.22194_none_c0c6531463dfed55\WSDApi.dll
+ 2009-11-11 04:04 . 2009-08-10 12:35 355328 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6002.18085_none_c048867f4ab94af1\WSDApi.dll
+ 2009-11-11 04:04 . 2009-08-10 13:03 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.22491_none_bedce04e66bc4c2c\WSDApi.dll
+ 2009-11-11 04:04 . 2009-08-10 13:05 351232 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6001.18306_none_beb994414d512f9c\WSDApi.dll
+ 2009-11-11 04:04 . 2009-08-10 12:53 323072 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.21103_none_bd59c9aa694b25b2\WSDApi.dll
+ 2009-11-11 04:04 . 2009-08-10 13:08 321536 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.16903_none_bcd054bd502d52a6\WSDApi.dll
+ 2006-11-02 10:33 . 2009-11-11 03:10 732324 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-11 03:10 154928 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:46 . 2009-11-11 12:07 408336 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:46 . 2009-07-23 15:25 408336 c:\windows\System32\FNTCACHE.DAT
+ 2009-11-10 04:58 . 2009-11-10 04:58 262144 c:\windows\System32\config\TxR\NTUSER.DAT
+ 2009-06-25 15:12 . 2009-11-13 21:01 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-25 15:12 . 2009-11-10 00:25 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-10 04:58 . 2009-11-10 04:58 262144 c:\windows\System32\config\RegBack\NTUSER.DAT
+ 2009-11-10 04:58 . 2009-11-10 04:58 262144 c:\windows\System32\config\Journal\NTUSER.DAT
+ 2009-11-13 10:29 . 2009-11-13 10:29 796672 c:\windows\Installer\583ec3f.msi
+ 2009-11-12 19:15 . 2009-11-12 19:15 816640 c:\windows\Installer\23f2472.msi
+ 2009-11-13 10:35 . 2009-11-13 10:35 102400 c:\windows\Installer\{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}\iTunesIco.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-12 19:15 . 2009-11-12 19:15 102400 c:\windows\Installer\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2009-11-11 04:06 . 2009-08-14 13:29 2045440 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
+ 2009-11-11 04:06 . 2009-08-14 13:27 2036736 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
+ 2009-11-11 04:06 . 2009-08-14 13:46 2036224 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
+ 2009-11-11 04:06 . 2009-08-14 13:53 2035712 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
+ 2009-11-11 04:06 . 2009-08-15 21:08 2032128 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys
+ 2009-11-11 04:06 . 2009-08-14 14:01 2031104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
+ 2009-11-11 04:06 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22247_none_f4d3f2c581d85dd6\OESpamFilter.dat
+ 2009-11-11 04:06 . 2009-10-16 08:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18124_none_f45cf4f468ad3a25\OESpamFilter.dat
+ 2009-11-11 04:06 . 2009-10-16 08:38 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22544_none_f2ea7fff84b4bcad\OESpamFilter.dat
+ 2009-11-11 04:06 . 2009-10-16 08:39 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18344_none_f260e14e6b971fbc\OESpamFilter.dat
+ 2009-11-11 04:06 . 2009-10-16 08:40 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21142_none_f102170187902f29\OESpamFilter.dat
+ 2009-11-11 04:06 . 2009-10-16 08:41 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16939_none_f08a74066e63f18d\OESpamFilter.dat
+ 2006-11-02 10:22 . 2009-11-12 07:38 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-11-07 05:50 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-13 10:35 . 2009-11-13 10:35 4454912 c:\windows\Installer\583f3ec.msi
+ 2009-11-13 10:30 . 2009-11-13 10:30 9013760 c:\windows\Installer\583ec4d.msi
+ 2009-10-16 15:03 . 2009-10-16 15:03 5003776 c:\windows\Installer\4313818.msp
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\3539766.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\3539752.msp
- 2008-10-28 09:43 . 2009-10-16 10:07 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-28 09:43 . 2009-10-16 10:07 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-28 09:43 . 2009-11-12 07:38 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-12 19:15 . 2009-11-12 19:15 1729024 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{2CA9E997-73DA-4996-BEF1-58DABC19657C}\HP Update.msi
+ 2006-11-02 10:24 . 2009-11-05 17:36 26768832 c:\windows\System32\mrt.exe
+ 2009-08-18 21:19 . 2009-08-18 21:19 10098688 c:\windows\Installer\353977b.msp
+ 2009-06-04 20:58 . 2009-11-11 03:53 208342268 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-26 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-09 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
c:\users\Bella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-28 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-6 805392]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-28 09:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,64,37,75,6c,fa,c9,01
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [11/6/2009 8:14 AM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [11/6/2009 8:14 AM 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [11/6/2009 8:11 AM 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11/6/2009 8:15 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [11/6/2009 8:15 AM 360584]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/27/2008 8:07 PM 73728]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/6/2009 8:14 AM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/9/2009 2:45 PM 2304192]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [5/2/2008 11:09 AM 161048]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe [2/5/2008 1:03 PM 228480]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [11/6/2009 8:14 AM 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [11/6/2009 8:14 AM 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [11/6/2009 8:14 AM 27800]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [10/28/2008 4:00 AM 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/28/2008 4:00 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [10/28/2008 4:00 AM 7424]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/6/2009 8:14 AM 5832712]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:21 PM 21504]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: google.com\www
Trusted Zone: microsoft.com\www
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.11/uploader2.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\jaohysst.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Bella\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\users\Bella\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 06:05
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-14 06:07
ComboFix-quarantined-files.txt 2009-11-14 14:07
ComboFix2.txt 2009-11-10 00:54
Pre-Run: 211,908,898,816 bytes free
Post-Run: 212,135,469,056 bytes free
- - End Of File - - 4850DFC8C411D05F47062B96D5D5E0BA
-----------------END OF COMBOFIX----------------------------------------
------------------------------- BEGIN MALWARE QUICKSCAN ----------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3174
Windows 6.0.6002 Service Pack 2
11/15/2009 2:58:44 AM
mbam-log-2009-11-15 (02-58-44).txt
Scan type: Quick Scan
Objects scanned: 109287
Time elapsed: 6 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
----------------------------------------------- END OF MALWARE QUICK SCAN -----------------------------
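The service and driver entries in the ComboFix log above follow a fixed layout: the leading letter is R (running) or S (stopped), the digit is the service start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then name;display;image, and a bracketed [date time size], or [?] when ComboFix could not find the image on disk (as with the QuickBooksDB19 entry). When reading such a log, the first things a helper looks for are images that are missing and images that run from a location an ordinary user can write to. The parser below is an added example, not ComboFix's code and not part of either post; the triage heuristics (user-writable path fragments, trusted install roots) are the example's own assumptions, the sample lines are quoted from the log above except for one line marked CONSTRUCTED, and it also handles the "FF - plugin/component" lines the log lists for Firefox.

```python
"""Triage ComboFix service/driver and Firefox plugin lines (added example).

Assumptions (not from the page): which path fragments count as user-writable,
which roots count as trusted, and the CONSTRUCTED sample line at the end.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<R|S><start> <name>;<display>;<image and args> [<date> <time> <size>]"  or  "[?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
META_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]$")
# First drive-letter path ending in exe/sys/dll; paths may contain spaces.
IMAGE_RE = re.compile(r"^(?P<img>[a-z]:\\.*?\.(?:exe|sys|dll))(?:\s|$)", re.IGNORECASE)
FF_RE = re.compile(r"^FF - (?P<kind>plugin|component): (?P<path>.+)$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumption: fragments of paths an unprivileged user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\documents and settings\\")
# Assumption: roots where legitimately installed services and drivers normally live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                 "c:\\program files (x86)\\")


@dataclass
class Finding:
    name: str
    image: str
    reasons: List[str] = field(default_factory=list)


def _check_path(image: str) -> List[str]:
    """Return why an image path is suspicious, or [] if it looks ordinary."""
    low = image.lower()
    if any(frag in low for frag in USER_WRITABLE):
        return ["image in user-writable location"]
    if not low.startswith(TRUSTED_ROOTS):
        return ["image outside Windows/Program Files"]
    return []


def parse_service(line: str) -> Optional[dict]:
    """Parse one ComboFix service/driver line into a dict, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    mm = META_RE.match(rest)
    cmd, meta = (mm.group("cmd"), mm.group("meta")) if mm else (rest, "")
    cmd = cmd.split(" --> ")[0]  # ComboFix repeats the command after --> when the file is missing
    im = IMAGE_RE.match(cmd)
    return {
        "state": "running" if m.group("state") == "R" else "stopped",
        "start": START_TYPES[m.group("start")],
        "name": m.group("name"),
        "display": m.group("display"),
        "image": im.group("img") if im else cmd,
        "missing": meta.strip() == "?",
    }


def triage(lines) -> List[Finding]:
    """Run the path and missing-file checks over service and Firefox plugin lines."""
    findings: List[Finding] = []
    for line in lines:
        svc = parse_service(line)
        if svc:
            reasons = _check_path(svc["image"])
            if svc["missing"]:
                reasons.append("image file not found on disk (orphaned service entry)")
            if reasons:
                findings.append(Finding(svc["name"], svc["image"], reasons))
            continue
        ff = FF_RE.match(line.strip())
        if ff:
            reasons = _check_path(ff.group("path"))
            if reasons:
                findings.append(Finding("firefox " + ff.group("kind"), ff.group("path"), reasons))
    return findings


SAMPLE = [
    # Quoted from the ComboFix log in the post above.
    r"R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [11/6/2009 8:14 AM 161800]",
    r"R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/6/2009 8:14 AM 285392]",
    r"S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 6:21 PM 21504]",
    r"S3 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 [?]",
    r"FF - plugin: c:\users\Bella\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll",
    # CONSTRUCTED for illustration only; this entry does not appear in the log.
    r"R2 ExampleSvc;Example Service;c:\users\Bella\AppData\Local\Temp\example.exe [11/6/2009 8:00 AM 12345]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.name}: {f.image} -> {'; '.join(f.reasons)}")
```

On the sample it reports the QuickBooksDB19 entry as an orphaned service, the Move Networks plugin as running from the user's profile, and the constructed Temp service; the AVG and svchost entries produce nothing. A flagged entry is a lead to check against the vendor's installer, not a verdict: a missing image is often just an uninstalled product that left its service registration behind.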
Corrine
Administrator Joined: 18 Jan 2001 Posts: 11890 Location: Upstate, NY
Posted: Mon Nov 16, 2009 18:30 pm Post subject:
Hi, Julie.
I think that took care of the remains of the problem. Now for a bit of cleanup and advice. Please do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.
~~~~~~~~~~~~
You told us in your initial post:
Quote: Have bank account numbers since I use online banking & QuickBooks, client information, the neat receipts scanner driver & program (so all my receipts, insurance policies, medical stuff, etc... for past couple years)
Yet, I am not seeing a software firewall. Even if you are behind a router, a software firewall is advisable. Either activate the Windows Vista firewall or install one of the following firewall programs, free for personal use.
Online Armor Free
Agnitum Outpost Firewall
~~~~~~~~~~~~
You may also want to consider protecting that important data with Bitlocker, a feature available with Windows Vista Ultimate. See http://technet.microsoft.com/en-us/windows/aa905065.aspx for detailed information on Bitlocker.
~~~~~~~~~~~~
As Ad-Aware wasn't of any help and you have Windows Defender as part of the operating system and Malwarebytes' Anti-Malware, you can uninstall AAW if you wish.
~~~~~~~~~~~~
You may want to leave WinPatrol installed on your computer. It is my favorite security program.
~~~~~~~~~~~~
One final thought regarding:
Quote: My brother who works at Google wouldn't even help me because he didn't have time; the only help he gave me was to come to this site.
Perhaps you should thank your brother and tell him you are switching to Bing.
_________________
Take a walk through my Security Garden