#1
I've been getting some pop-ups saying my computer is infected with some virus and that my computer is not safe. So far I have run SUPERAntiSpyware and Spybot but I still get the pop-ups. Any help would be greatly appreciated. Thank you, Chris Juarez
#2
Welcome to CTH cmj3169,

Let's take a look. From checking the other CTH forum thread you started, I am assuming this system is Vista, so the following scan programs should run okay there.

Right off, see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button. If RSIT downloads/installs HijackThis, be sure to agree to the install of that. Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt). You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
#3
rsit, hijack this logs
Hello, sorry it took so long to respond but I was away for awhile. Hopefully it hasn't been too long and you can still help me. Here are those logs you requested, again thank you for your help.
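A first-pass triage of a HijackThis 2.x log of the kind requested in this thread, as an added example that is not part of the original posts or of RSIT/HijackThis. It re-splits a log that was pasted as one run of text, lists registrations that point at no file, and shows which binaries are registered at several browser extension points at once. The sample log, its product names and CLSIDs are constructed; the System32 rule assumes a 32-bit scanner on 64-bit Windows, where WOW64 file system redirection can make present files look missing.

```python
import re
from collections import defaultdict

# HijackThis entry prefixes: R0-R3, F0-F3, N1-N4 and O1..O24, each followed by " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY = re.compile(rf"^({CODE}) - (.*)$", re.S)
# Sections whose last " - " separated field is the registered binary.
PATH_SECTIONS = {"R3", "O2", "O3", "O9", "O18", "O22", "O23"}
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def split_entries(text):
    """Yield (code, body) pairs; works on one-entry-per-line and flattened logs."""
    for chunk in re.split(rf"\s+(?={CODE} - )", text):
        m = ENTRY.match(chunk.strip())
        if m:
            # The last entry may drag the log footer along; cut it off.
            yield m.group(1), m.group(2).split("-- End of file")[0].strip()


def binary_path(code, body):
    """Lower-cased path of the registered binary, or None if there is none."""
    if code not in PATH_SECTIONS:
        return None
    # Assumption: the path itself contains no " - " sequence.
    last = body.rsplit(" - ", 1)[-1]
    last = re.sub(r"\s*\(file missing\)$", "", last, flags=re.I)
    return last.lower() if DRIVE_PATH.match(last) else None


def triage(text):
    """Group findings a reviewer checks first; nothing here decides 'malicious'."""
    counts = defaultdict(int)
    hooks = defaultdict(set)
    report = {"orphans": [], "missing_redirect_suspect": [], "missing_check": []}
    for code, body in split_entries(text):
        counts[code] += 1
        path = binary_path(code, body)
        low = body.lower()
        if low.endswith("(no file)"):
            # Registry entry survives but names no file: leftover registration.
            report["orphans"].append((code, body))
        elif low.endswith("(file missing)"):
            # System32 paths may be a redirection artifact; verify on disk first.
            key = ("missing_redirect_suspect"
                   if path and SYSTEM32.match(path) else "missing_check")
            report[key].append((code, body))
        if path:
            hooks[path].add(code)
    report["counts"] = dict(counts)
    # One binary registered under several sections must be cleaned from each.
    report["multi_hook"] = {p: sorted(c) for p, c in hooks.items() if len(c) > 1}
    return report


# Constructed sample, flattened the way a forum paste often arrives.
SAMPLE = " ".join([
    "Logfile of Trend Micro HijackThis v2.0.4",
    "Running processes: C:\\Example\\app.exe",
    "R3 - URLSearchHook: Example Bar - {11111111-1111-1111-1111-111111111111}"
    " - C:\\Program Files (x86)\\ExampleBar\\bar.dll",
    "R3 - URLSearchHook: (no name) - - (no file)",
    "O2 - BHO: Example Bar BHO - {22222222-2222-2222-2222-222222222222}"
    " - C:\\Program Files (x86)\\ExampleBar\\bar.dll",
    "O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - (no file)",
    "O3 - Toolbar: Example Bar - {44444444-4444-4444-4444-444444444444}"
    " - C:\\Program Files (x86)\\ExampleBar\\BAR.DLL",
    "O4 - HKLM\\..\\Run: [ExampleMon] \"C:\\Example\\mon.exe\" /m=2",
    "O23 - Service: Example Core (ExCore) - Unknown owner"
    " - C:\\Windows\\system32\\excore.exe (file missing)",
    "O23 - Service: Example Updater (ExUpd) - Unknown owner"
    " - C:\\Program Files (x86)\\Example\\upd.exe (file missing)",
    "-- End of file - 1234 bytes",
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name in ("counts", "orphans", "missing_redirect_suspect",
                 "missing_check", "multi_hook"):
        print(name, "->", result[name])
```

Entries in `missing_redirect_suspect` should be confirmed on disk from a 64-bit process before anything is changed.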
#4
more of log.text
#5
more log text
mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [] S3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [] S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 244840] R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 148520] S2 Apple Mobile Device;Apple 
Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] S2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208] S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504] S2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 110312] S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-04-14 199032] S2 MyWebSearchService;My Web Search Service; C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwssvc.exe [2010-06-03 28762] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136] S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [] S2 YahooAUService;Yahoo! 
Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe [2008-07-27 93184] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784] S3 getPlusHelper;@C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-20 21504] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768] S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 509416] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968] -----------------EOF----------------- |
|
#6
|
|||
|
|||
|
Info.txt
info.txt logfile of random's system information tool 1.06 2010-06-24 10:55:06
|
#7
|
|||
|
|||
|
GMER file
info.txt logfile of random's system information tool 1.06 2010-06-24 10:55:06
Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Search Protection-->C:\PROGRA~2\Yahoo!\SEARCH~1\UNINST~1.EXE Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE Zoosk Messenger-->msiexec /qb /x {7437BD50-C3B4-2933-927F-D57AD558A38A} Zoosk Messenger-->MsiExec.exe /I{7437BD50-C3B4-2933-927F-D57AD558A38A} Zynga Toolbar-->C:\PROGRA~2\Zynga\UNWISE.EXE /U C:\PROGRA~2\Zynga\INSTALL.LOG ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: Owner-PC Event Code: 10005 Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} Record Number: 172275 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100624155235.000000-000 Event Type: Error User: Computer Name: Owner-PC Event Code: 10005 Message: DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} Record Number: 172276 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100624155309.000000-000 Event Type: Error User: Computer Name: Owner-PC Event Code: 7001 Message: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
Record Number: 172290 Source Name: Service Control Manager Time Written: 20100624155309.000000-000 Event Type: Error User: Computer Name: Owner-PC Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: ElbyCDIO spldr Wanarpv6 Record Number: 172302 Source Name: Service Control Manager Time Written: 20100624155309.000000-000 Event Type: Error User: Computer Name: Owner-PC Event Code: 10005 Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} Record Number: 172308 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100624155503.000000-000 Event Type: Error User: =====Application event log===== Computer Name: Owner-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-478202926-1321007077-2844117644-1038: Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038\Software\Policies\Microsoft\Windows\CurrentVe rsion\Internet Settings Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038\Software Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. 
exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038\Software\Policies Record Number: 60316 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100623174926.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Owner-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-478202926-1321007077-2844117644-1038_Classes: Process 1628 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv. exe) has opened key \REGISTRY\USER\S-1-5-21-478202926-1321007077-2844117644-1038_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache Record Number: 60317 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100623174926.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: Owner-PC Event Code: 6000 Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event. Record Number: 60410 Source Name: Microsoft-Windows-Winlogon Time Written: 20100624155224.000000-000 Event Type: Warning User: Computer Name: Owner-PC Event Code: 4609 Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\event systemobj.cpp. Please contact Microsoft Product Support Services to report this error. 
Record Number: 60412 Source Name: Microsoft-Windows-EventSystem Time Written: 20100624155232.000000-000 Event Type: Error User: Computer Name: Owner-PC Event Code: 10 Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Record Number: 60415 Source Name: Microsoft-Windows-WMI Time Written: 20100624155309.000000-000 Event Type: Error User: |
|
#8
|
||||
|
||||
|
The logs show quite a boatload of installed adware/spyware/search hijacker toolbars and programs. Really need to not agree when some program or web page encourages a toolbar install, or at least do a web search on it and then decide.
Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

CoolChaser Toolbar
Inbox Toolbar
My Web Search (Webfetti)
My.Freeze.com NetAssistant
PokerStars
Profile Pimp
SmartShopper
Zynga Toolbar

If you would like info on why any of those are undesirable just ask.

----------------

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs do that as well then.

Along with that run and post a new RSIT main log please. |
|
#9
|
|||
|
|||
|
malwarebytes log
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org Database version: 4239 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18928 6/25/2010 12:19:30 PM mbam-log-2010-06-25 (12-19-30).txt Scan type: Quick scan Objects scanned: 266432 Time elapsed: 13 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 41 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 5 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Weemi (Adware.Weemi) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\ProgramData\07838834 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\21036113 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\ProgramData\Weemi (Adware.Weemi) -> Quarantined and deleted successfully. C:\Program Files (x86)\Weemi (Adware.Weemi) -> Quarantined and deleted successfully. C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully. Files Infected: C:\Program Files (x86)\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\Leo\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully. |
|
#10
|
|||
|
|||
|
new rsit log
Logfile of random's system information tool 1.07 (written by random/random)
Run by Leo at 2010-06-25 12:24:48 Microsoft® Windows Vista™ Home Premium Service Pack 1 System drive C: has 445 GB (74%) free of 599 GB Total RAM: 3966 MB (66% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:24:58 PM, on 6/25/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\ProgramData\Mozilla Firefox\firefox.exe C:\ProgramData\Mozilla Firefox\plugin-container.exe C:\Users\Chris\Downloads\CyberTechHelp\RSIT.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\trend micro\Leo.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100518120547.dl l O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~2\UNINST~1.DLL,O -3 O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-478202926-1321007077-2844117644-1038\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Chris') O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files (x86)\vghd\vghd.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8 574934B26AC4.dll/cmsidewiki.html O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/DDD%20Pool/Images/stg_drm.ocx O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/DDD%20Pool/Images/armhelper.ocx O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. 
- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10977 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\HPCeeScheduleForOwner.job C:\Windows\tasks\Norton Security Scan for Leo.job C:\Windows\tasks\User_Feed_Synchronization-{082A9F09-AECA-4428-8527-D2DDE234FCE8}.job C:\Windows\tasks\User_Feed_Synchronization-{33917053-15DF-46F6-BE8B-D71E8790074D}.job C:\Windows\tasks\User_Feed_Synchronization-{3D7EECC7-D8BF-4BF2-81ED-2CCEFFFA42CA}.job C:\Windows\tasks\User_Feed_Synchronization-{42F2308D-2318-4F90-AAED-E4AF64B34BFD}.job C:\Windows\tasks\User_Feed_Synchronization-{45C13C12-8834-4262-8AD4-A8843A91904A}.job C:\Windows\tasks\User_Feed_Synchronization-{67CC7DF3-D1E4-4E70-AD07-EF0357E8743F}.job C:\Windows\tasks\User_Feed_Synchronization-{BA8FE593-BF6B-40EB-AE76-34A1F23424B5}.job C:\Windows\tasks\User_Feed_Synchronization-{D1FD90AD-ADFB-468B-8B6F-A8D9E2C00C85}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! 
Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 1205560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100518120547.dl l [2010-04-27 73288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-22 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll [2010-05-27 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 
251416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] MSN Toolbar Helper - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll [2010-03-23 158520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 1205560] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-22 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] ""= [] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] ""= []

#11

more of the new rsit log
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce]
"Uninstall Adobe Download Manager"=C:\Windows\system32\rundll32.exe [2006-11-02 44544] "MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~2\UNINST~1.DLL,O -3 [] "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2009-04-26 39408] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup DesktopVideoPlayer.LNK - C:\Program Files (x86)\vghd\vghd.exe LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\mfevtp] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr 
entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "NoActiveDesktop"= "NoActiveDesktopChanges"= "ForceActiveDesktopOn"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ded8776f-fbca-11dd-b4a0-001fc66f4bee}] shell\AutoRun\command - F:\LaunchU3.exe -a ======File associations====== .js - edit - C:\Windows\SysWOW64\Notepad.exe %1 .js - open - C:\Windows\SysWOW64\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-06-25 12:06:57 ----D---- C:\Program Files (x86)\Microsoft Games 2010-06-25 12:04:24 ----D---- C:\Users\Leo\AppData\Roaming\Malwarebytes 2010-06-25 12:04:09 ----D---- C:\ProgramData\Malwarebytes 2010-06-25 12:04:08 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-06-25 11:59:38 ----A---- C:\Windows\_MSRSTRT.EXE 2010-06-24 13:39:07 ----D---- C:\Program Files (x86)\vghd 2010-06-24 10:54:54 ----D---- C:\Program Files (x86)\trend micro 2010-06-24 10:54:53 ----D---- C:\rsit 2010-06-24 10:51:30 ----A---- C:\Windows\ntbtlog.txt 2010-06-23 21:23:32 ----D---- C:\ProgramData\McAfee Security Scan 2010-06-23 21:23:31 ----D---- C:\Program Files (x86)\McAfee Security Scan 2010-06-23 03:00:38 ----A---- C:\Windows\SysWOW64\psisdecd.dll 2010-06-23 03:00:38 ----A---- 
C:\Windows\SysWOW64\EncDec.dll 2010-06-23 03:00:26 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll 2010-06-23 03:00:26 ----A---- C:\Windows\SysWOW64\PresentationHost.exe 2010-06-23 03:00:26 ----A---- C:\Windows\SysWOW64\netfxperf.dll 2010-06-23 03:00:26 ----A---- C:\Windows\SysWOW64\mscoree.dll 2010-06-23 03:00:26 ----A---- C:\Windows\SysWOW64\dfshim.dll 2010-06-22 22:58:01 ----A---- C:\Windows\SysWOW64\Apphlpdm.dll 2010-06-22 22:58:00 ----A---- C:\Windows\SysWOW64\GameUXLegacyGDFs.dll 2010-06-22 15:22:06 ----D---- C:\ProgramData\Ubisoft 2010-06-21 06:00:29 ----HD---- C:\Windows\msdownld.tmp 2010-06-21 06:00:21 ----D---- C:\Windows\SysWOW64\directx 2010-06-19 01:55:50 ----D---- C:\Windows\pss 2010-06-19 00:24:30 ----D---- C:\Program Files (x86)\WinRAR 2010-06-18 19:09:48 ----D---- C:\Users\Leo\AppData\Roaming\uTorrent 2010-06-18 19:09:48 ----D---- C:\Program Files (x86)\uTorrent 2010-06-18 13:23:44 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll 2010-06-18 13:23:43 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll 2010-06-18 13:23:43 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll 2010-06-18 13:23:42 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll 2010-06-18 13:23:41 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll 2010-06-18 13:23:41 ----A---- C:\Windows\SysWOW64\x3daudio1_2.dll 2010-06-18 13:23:41 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll 2010-06-18 13:23:41 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll 2010-06-18 13:23:40 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll 2010-06-18 13:23:38 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll 2010-06-18 13:23:35 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll 2010-06-18 13:23:35 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll 2010-06-18 13:23:34 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll 2010-06-18 13:23:32 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll 2010-06-18 13:23:30 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll 2010-06-18 13:23:30 ----A---- C:\Windows\SysWOW64\d3dx10.dll 2010-06-18 13:23:29 ----A---- 
C:\Windows\SysWOW64\d3dx9_32.dll 2010-06-18 13:23:27 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll 2010-06-18 13:23:27 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll 2010-06-18 13:23:26 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll 2010-06-18 13:23:25 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll 2010-06-18 13:23:24 ----A---- C:\Windows\SysWOW64\xinput1_2.dll 2010-06-18 13:23:23 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll 2010-06-18 13:23:22 ----A---- C:\Windows\SysWOW64\xinput1_1.dll 2010-06-18 13:23:20 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll 2010-06-18 13:23:09 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll 2010-06-18 13:23:08 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll 2010-06-18 13:23:08 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll 2010-06-18 13:23:07 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll 2010-06-18 13:22:50 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll 2010-06-18 13:22:46 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll 2010-06-18 13:22:42 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll 2010-06-18 13:22:40 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll 2010-06-18 13:22:40 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll 2010-06-15 10:09:53 ----D---- C:\ProgramData\Spybot - Search & Destroy 2010-06-15 10:04:23 ----D---- C:\Users\Leo\AppData\Roaming\SUPERAntiSpyware.com 2010-06-15 10:04:23 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2010-06-12 18:15:27 ----D---- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP 2010-06-12 18:15:21 ----A---- C:\Windows\SysWOW64\xinput1_3.dll 2010-06-12 18:15:21 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll 2010-06-09 19:40:49 ----A---- C:\Windows\SysWOW64\atmfd.dll 2010-06-09 19:40:48 ----A---- C:\Windows\SysWOW64\atmlib.dll 2010-06-09 19:40:40 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-06-09 19:40:37 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-06-09 19:40:37 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-06-09 19:40:36 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-06-09 19:40:36 ----A---- C:\Windows\SysWOW64\urlmon.dll 
2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\occache.dll 2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-06-09 19:40:35 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\iesysprep.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\iesetup.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\iernonce.dll 2010-06-09 19:40:34 ----A---- C:\Windows\SysWOW64\ie4uinit.exe 2010-06-09 19:40:10 ----A---- C:\Windows\SysWOW64\asycfilt.dll 2010-06-09 19:36:29 ----A---- C:\Windows\SysWOW64\quartz.dll 2010-06-08 12:31:59 ----D---- C:\ProgramData\Mozilla Firefox 2010-05-26 06:09:11 ----A---- C:\Windows\SysWOW64\tzres.dll ======List of files/folders modified in the last 1 months====== 2010-06-25 12:24:59 ----D---- C:\Windows\Temp 2010-06-25 12:24:58 ----D---- C:\Windows\Prefetch 2010-06-25 12:19:30 ----RD---- C:\Program Files (x86) 2010-06-25 12:19:30 ----HD---- C:\ProgramData 2010-06-25 12:06:06 ----D---- C:\Windows\System32 2010-06-25 12:06:06 ----D---- C:\Windows\inf 2010-06-25 12:04:10 ----D---- C:\Windows\SysWOW64\drivers 2010-06-25 12:01:01 ----D---- C:\Program Files (x86)\IEToolbar 2010-06-25 11:59:38 ----D---- C:\WINDOWS 2010-06-25 11:58:09 ----D---- C:\Program Files (x86)\PokerStars 2010-06-25 11:57:06 ----D---- C:\Windows\SysWOW64 2010-06-25 01:33:38 ----SHD---- C:\System Volume Information 2010-06-24 16:12:31 ----SHD---- C:\Windows\Installer 2010-06-24 16:12:31 ----D---- C:\Windows\winsxs 2010-06-23 21:26:38 ----D---- C:\ProgramData\NOS 2010-06-23 21:23:12 ----D---- 
C:\Program Files (x86)\NOS 2010-06-23 17:57:48 ----D---- C:\Users\Leo\AppData\Roaming\LimeWire 2010-06-23 03:13:52 ----D---- C:\Windows\Microsoft.NET 2010-06-23 03:13:31 ----RSD---- C:\Windows\assembly 2010-06-23 03:04:22 ----D---- C:\Windows\ehome 2010-06-23 03:04:22 ----D---- C:\Windows\AppPatch 2010-06-19 01:16:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-06-18 17:18:27 ----D---- C:\Program Files (x86)\Common Files 2010-06-16 01:52:53 ----D---- C:\Windows\Tasks 2010-06-15 15:18:10 ----SD---- C:\Windows\Downloaded Program Files 2010-06-15 15:18:10 ----D---- C:\Program Files (x86)\Internet Explorer 2010-06-15 15:17:52 ----D---- C:\ProgramData\HP Product Assistant 2010-06-15 15:17:51 ----D---- C:\Program Files (x86)\My.Freeze.com NetAssistant 2010-06-15 15:17:50 ----D---- C:\Program Files (x86)\Free Offers from Freeze.com 2010-06-15 15:17:46 ----D---- C:\Windows\registration 2010-06-15 14:03:28 ----SD---- C:\ProgramData\Microsoft 2010-06-15 09:49:57 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared 2010-06-15 09:13:22 ----D---- C:\Windows\Debug 2010-06-12 18:14:22 ----D---- C:\Windows\Logs 2010-06-10 03:10:40 ----D---- C:\Windows\SysWOW64\wbem 2010-06-10 03:10:35 ----D---- C:\Windows\SysWOW64\migration 2010-06-10 03:10:34 ----D---- C:\Program Files (x86)\Windows Mail 2010-06-06 20:19:23 ----SHD---- C:\$Recycle.Bin 2010-06-06 20:18:56 ----RD---- C:\Users 2010-05-29 10:42:18 ----AD---- C:\ProgramData\TEMP 2010-05-27 00:45:24 ----D---- C:\Windows\rescache 2010-05-27 00:22:42 ----D---- C:\Windows\SysWOW64\en-US ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [] R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [] R1 mfewfpk;McAfee Inc. 
mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [] R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys [] R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [] R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [] R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [] R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\CAX_DP.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [] R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [] R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [] R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [] S3 mfeavfk01;McAfee Inc.; C:\Windows\SysWOW64\drivers\mfeavfk01.sys [] S3 mferkdet;McAfee Inc. 
mferkdet; C:\Windows\system32\drivers\mferkdet.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [] S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys [] S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 110312] R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] R2 McShield;McShield; C:\Program Files\Common 
Files\McAfee\SystemCore\\mcshield.exe [2010-04-14 199032] R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-27 244840] R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-27 148520] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [] R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504] S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208] S2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe [2008-07-27 93184] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784] S3 getPlusHelper;@C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-20 21504] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google 
Updater\GoogleUpdaterService.exe [2009-04-26 182768] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 509416] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968] -----------------EOF-----------------

#12

Only seeing a MyWebSearch setting in that, but it is their remove on reboot setting so should just fade after the next reboot. Let's do an additional scan to make sure nothing remains there.
Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready.

Next, check the following boxes:
Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives). Click Start. This scan may take a while, so please be patient.

A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

#13

FYI - if you run that scan from your browser, be sure to open the browser by right clicking the shortcut, and selecting Run as administrator. If you download the file and run it, again right click that file - Run as admin.