
Topic: Application cannot be executed. The file ----- is infected.


mikedick88

    Topic Starter


    Rookie

    Re: Application cannot be executed. The file ----- is infected.
    « Reply #15 on: March 07, 2010, 01:37:45 AM »
    OK, here are the two logs, good sir.

    Log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by MikeD at 2010-03-07 02:29:54
    Microsoft® Windows Vista™ Home Premium  Service Pack 2
    System drive C: has 85 GB (61%) free of 140 GB
    Total RAM: 2037 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:30:03 AM, on 3/7/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Users\MikeD\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\MikeD.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6568 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
    "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
    "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-05-19 3444736]
    "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
    "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-08-14 716800]
    "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
    "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
    "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
    C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-06-23 10536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2008-03-06 200704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2010-03-07 02:29:54 ----D---- C:\rsit
    2010-03-06 16:19:46 ----D---- C:\Windows\system32\eu-ES
    2010-03-06 16:19:46 ----D---- C:\Windows\system32\ca-ES
    2010-03-06 16:19:45 ----D---- C:\Windows\system32\vi-VN
    2010-03-06 16:17:08 ----A---- C:\Windows\system32\stacsv.exe
    2010-03-06 08:06:56 ----D---- C:\ProgramData\Office Genuine Advantage
    2010-03-05 16:26:42 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2010-03-05 16:26:41 ----A---- C:\Windows\system32\ntoskrnl.exe
    2010-03-05 16:20:35 ----SHD---- C:\$RECYCLE.BIN
    2010-03-05 16:02:14 ----D---- C:\ComboFix
    2010-03-05 16:01:46 ----A---- C:\Windows\SWXCACLS.exe
    2010-03-05 05:03:59 ----D---- C:\ProgramData\Sun
    2010-03-05 05:03:06 ----A---- C:\Windows\system32\javaws.exe
    2010-03-05 05:03:06 ----A---- C:\Windows\system32\javaw.exe
    2010-03-05 05:03:06 ----A---- C:\Windows\system32\java.exe
    2010-03-05 05:03:06 ----A---- C:\Windows\system32\deploytk.dll
    2010-03-05 02:47:17 ----D---- C:\Program Files\ESET
    2010-03-03 18:22:48 ----A---- C:\Windows\zip.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\SWSC.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\SWREG.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\sed.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\PEV.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\NIRCMD.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\MBR.exe
    2010-03-03 18:22:48 ----A---- C:\Windows\grep.exe
    2010-03-03 18:22:37 ----D---- C:\Windows\ERDNT
    2010-03-03 18:18:08 ----D---- C:\Qoobox
    2010-03-03 17:20:30 ----D---- C:\Program Files\Trend Micro
    2010-03-03 04:36:05 ----D---- C:\Users\MikeD\AppData\Roaming\Malwarebytes
    2010-03-03 04:35:37 ----D---- C:\ProgramData\Malwarebytes
    2010-03-03 04:35:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-03-03 03:46:42 ----D---- C:\ProgramData\SUPERAntiSpyware.com
    2010-03-03 03:46:19 ----D---- C:\Users\MikeD\AppData\Roaming\SUPERAntiSpyware.com
    2010-03-03 03:46:19 ----D---- C:\Program Files\SUPERAntiSpyware
    2010-03-03 03:35:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-02-24 04:25:25 ----A---- C:\Windows\system32\tzres.dll
    2010-02-24 04:24:46 ----A---- C:\Windows\system32\RMActivate_isv.exe
    2010-02-24 04:24:46 ----A---- C:\Windows\system32\RMActivate.exe
    2010-02-24 04:24:45 ----A---- C:\Windows\system32\secproc_isv.dll
    2010-02-24 04:24:45 ----A---- C:\Windows\system32\secproc.dll
    2010-02-24 04:24:44 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
    2010-02-24 04:24:44 ----A---- C:\Windows\system32\RMActivate_ssp.exe
    2010-02-24 04:24:43 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
    2010-02-24 04:24:43 ----A---- C:\Windows\system32\secproc_ssp.dll
    2010-02-24 04:24:43 ----A---- C:\Windows\system32\msdrm.dll
    2010-02-10 16:28:10 ----A---- C:\Windows\system32\tsbyuv.dll
    2010-02-10 16:28:10 ----A---- C:\Windows\system32\quartz.dll
    2010-02-10 16:28:09 ----A---- C:\Windows\system32\msyuv.dll
    2010-02-10 16:28:09 ----A---- C:\Windows\system32\msvidc32.dll
    2010-02-10 16:28:09 ----A---- C:\Windows\system32\msrle32.dll
    2010-02-10 16:28:09 ----A---- C:\Windows\system32\iyuv_32.dll
    2010-02-10 16:28:08 ----A---- C:\Windows\system32\msvfw32.dll
    2010-02-10 16:28:08 ----A---- C:\Windows\system32\mciavi32.dll
    2010-02-10 16:28:08 ----A---- C:\Windows\system32\avifil32.dll

    ======List of files/folders modified in the last 1 months======

    2010-03-07 02:30:03 ----D---- C:\Windows\Prefetch
    2010-03-07 02:29:40 ----D---- C:\Windows\Temp
    2010-03-06 17:12:35 ----D---- C:\Windows\Microsoft.NET
    2010-03-06 17:11:56 ----RSD---- C:\Windows\assembly
    2010-03-06 16:40:57 ----D---- C:\Windows\rescache
    2010-03-06 16:32:30 ----D---- C:\Windows\System32
    2010-03-06 16:32:30 ----D---- C:\Windows\inf
    2010-03-06 16:32:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-03-06 16:28:47 ----D---- C:\Windows
    2010-03-06 16:28:39 ----SHD---- C:\Boot
    2010-03-06 16:28:26 ----D---- C:\Windows\system32\catroot
    2010-03-06 16:20:50 ----D---- C:\Program Files\Windows Calendar
    2010-03-06 16:20:49 ----D---- C:\Program Files\Windows Sidebar
    2010-03-06 16:20:49 ----D---- C:\Program Files\Windows Mail
    2010-03-06 16:20:49 ----D---- C:\Program Files\Movie Maker
    2010-03-06 16:20:49 ----D---- C:\Program Files\Internet Explorer
    2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Media Player
    2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Journal
    2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Collaboration
    2010-03-06 16:20:46 ----D---- C:\Program Files\Windows Photo Gallery
    2010-03-06 16:20:46 ----D---- C:\Program Files\Common Files\System
    2010-03-06 16:20:44 ----D---- C:\Windows\servicing
    2010-03-06 16:20:44 ----D---- C:\Program Files\Windows Defender
    2010-03-06 16:20:43 ----D---- C:\Windows\ehome
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\XPSViewer
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\sk-SK
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\lv-LV
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\ko-KR
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\hr-HR
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\et-EE
    2010-03-06 16:20:34 ----D---- C:\Windows\system32\da-DK
    2010-03-06 16:20:34 ----D---- C:\Windows\IME
    2010-03-06 16:20:33 ----D---- C:\Windows\system32\en-US
    2010-03-06 16:20:30 ----D---- C:\Windows\system32\it-IT
    2010-03-06 16:20:30 ----D---- C:\Windows\system32\el-GR
    2010-03-06 16:20:30 ----D---- C:\Windows\system32\de-DE
    2010-03-06 16:20:29 ----D---- C:\Windows\system32\oobe
    2010-03-06 16:20:29 ----D---- C:\Windows\system32\migration
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\sv-SE
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\setup
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\ru-RU
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\hu-HU
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\he-IL
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\fr-FR
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\fi-FI
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\cs-CZ
    2010-03-06 16:20:27 ----D---- C:\Windows\system32\AdvancedInstallers
    2010-03-06 16:20:26 ----D---- C:\Windows\system32\SLUI
    2010-03-06 16:20:26 ----D---- C:\Windows\system32\pt-PT
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\zh-TW
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\zh-CN
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\sr-Latn-CS
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\sl-SI
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\manifeststore
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\es-ES
    2010-03-06 16:20:25 ----D---- C:\Windows\system32\en
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\uk-UA
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\th-TH
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\ro-RO
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\pl-PL
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\ja-JP
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\drivers
    2010-03-06 16:20:24 ----D---- C:\Windows\system32\bg-BG
    2010-03-06 16:20:23 ----D---- C:\Windows\system32\tr-TR
    2010-03-06 16:20:22 ----D---- C:\Windows\system32\wbem
    2010-03-06 16:20:21 ----D---- C:\Windows\system32\nl-NL
    2010-03-06 16:20:21 ----D---- C:\Windows\system32\nb-NO
    2010-03-06 16:20:21 ----D---- C:\Windows\system32\lt-LT
    2010-03-06 16:20:21 ----D---- C:\Windows\system32\ar-SA
    2010-03-06 16:20:20 ----D---- C:\Windows\system32\pt-BR
    2010-03-06 16:20:20 ----D---- C:\Windows\system32\migwiz
    2010-03-06 16:19:53 ----RSD---- C:\Windows\Fonts
    2010-03-06 16:19:53 ----D---- C:\Windows\AppPatch
    2010-03-06 16:19:45 ----D---- C:\Windows\system32\Boot
    2010-03-06 08:38:04 ----D---- C:\Windows\winsxs
    2010-03-06 08:07:46 ----SHD---- C:\System Volume Information
    2010-03-06 08:06:56 ----D---- C:\ProgramData
    2010-03-06 07:26:50 ----D---- C:\Windows\system32\catroot2
    2010-03-06 07:24:59 ----D---- C:\Program Files\Microsoft Silverlight
    2010-03-06 04:13:45 ----SHD---- C:\Windows\Installer
    2010-03-06 04:12:32 ----D---- C:\Windows\system32\zh-HK
    2010-03-06 04:12:27 ----D---- C:\ProgramData\Microsoft Help
    2010-03-06 03:23:44 ----RD---- C:\Program Files
    2010-03-06 03:22:33 ----D---- C:\Program Files\Common Files
    2010-03-06 01:43:24 ----D---- C:\Program Files\Vuze
    2010-03-06 01:42:03 ----D---- C:\Program Files\LimeWire
    2010-03-06 00:17:27 ----D---- C:\Users\MikeD\AppData\Roaming\LimeWire
    2010-03-05 16:20:54 ----A---- C:\Windows\system.ini
    2010-03-05 05:03:48 ----D---- C:\Program Files\Common Files\Java
    2010-03-05 05:02:19 ----D---- C:\Program Files\Java
    2010-03-05 04:50:41 ----D---- C:\Users\MikeD\AppData\Roaming\Azureus
    2010-03-04 14:44:20 ----D---- C:\Program Files\Mozilla Firefox
    2010-03-03 18:36:53 ----D---- C:\Windows\system32\config
    2010-03-03 17:32:28 ----D---- C:\Windows\LiveKernelReports
    2010-03-03 03:46:25 ----SD---- C:\Users\MikeD\AppData\Roaming\Microsoft
    2010-03-03 02:47:47 ----A---- C:\Windows\ntbtlog.txt
    2010-02-12 12:49:18 ----D---- C:\ProgramData\Roxio

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-08-14 132800]
    R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-06-29 110096]
    R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-07-22 146960]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
    R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-19 1044984]
    R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2009-05-25 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
    R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
    R3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
    S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
    S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
    S3 catchme;catchme; \??\C:\Users\MikeD\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
    S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
    S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2007-07-10 36736]
    S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
    R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
    R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-08-15 1523712]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-05-19 24064]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
    R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-20 21504]
    S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-13 393216]
    S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
    S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
    S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-06-23 16680]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

    -----------------EOF-----------------

                                

    mikedick88

      Topic Starter


      Rookie

      Re: Application cannot be executed. The file ----- is infected.
      « Reply #16 on: March 07, 2010, 01:38:59 AM »
      And here is the other log.

      Info.txt

      info.txt logfile of random's system information tool 1.06 2010-03-07 02:30:09

      ======Uninstall list======

      -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
      ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
      BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
      Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
      Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
      Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
      Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
      Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
      Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
      Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
      Consumer In-Home Service Agreement-->MsiExec.exe /I{F47C37A4-7189-430A-B81D-739FF8A7A554}
      Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
      Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
      Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
      Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
      Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
      DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
      ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
      FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
      GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
      HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
      ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
      Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
      Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
      Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
      Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
      Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
      Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
      Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
      Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
      Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
      Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
      Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
      Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
      Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
      Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
      Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
      Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
      Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
      Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
      Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
      NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
      Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
      OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
      OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
      PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
      Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
      QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
      Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
      Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
      Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
      Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
      Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
      Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
      Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
      Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
      Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
      Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
      Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
      Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
      Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
      Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
      Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
      Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
      SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
      SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
      Starcraft-->C:\Windows\SCunin.exe C:\Windows\SCunin.dat
      SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
      TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
      TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
      Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
      Unreal Tournament-->C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
      Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
      Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
      Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
      Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
      Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
      Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
      Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
      Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
      Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
      Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
      WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
      Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
      WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

      =====HijackThis Backups=====

      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) [2010-03-04]
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) [2010-03-04]
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 [2010-03-04]
      O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing) [2010-03-04]

      ======Security center information======

      AV: BitDefender Antivirus (outdated)
      FW: BitDefender Firewall
      AS: BitDefender Antispyware (outdated)
      AS: Windows Defender
      AS: SUPERAntiSpyware (disabled)

      ======System event log======

      Computer Name: MikeD-PC
      Event Code: 4
      Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
      Record Number: 4876
      Source Name: Microsoft-Windows-SpoolerWin32SPL
      Time Written: 20080718234024.000000-000
      Event Type: Warning
      User:

      Computer Name: MikeD-PC
      Event Code: 3004
      Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
       For more information please see the following:
      Not Applicable
          Scan ID: {3D616234-3B5E-4D91-8DA3-34B70F5EB508}
          User: MikeD-PC\MikeD
          Name: Unknown
          ID:
          Severity ID:
          Category ID:
          Path Found: process:pid:3392;service:sprtsvc_dellsupportcenter;file:C:\Program Files\Dell Support Center\bin\sprtsvc.exe
          Alert Type: Unclassified software
          Detection Type:
      Record Number: 4872
      Source Name: Microsoft-Windows-Windows Defender
      Time Written: 20080718234004.000000-000
      Event Type: Warning
      User:

      Computer Name: MikeD-PC
      Event Code: 7030
      Message: The SupportSoft Sprocket Service (dellsupportcenter) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
      Record Number: 4871
      Source Name: Service Control Manager
      Time Written: 20080718234002.000000-000
      Event Type: Error
      User:

      Computer Name: MikeD-PC
      Event Code: 7000
      Message: The BCM42RLY service failed to start due to the following error:
      The system cannot find the file specified.
      Record Number: 4861
      Source Name: Service Control Manager
      Time Written: 20080718232959.000000-000
      Event Type: Error
      User:

      Computer Name: MikeD-PC
      Event Code: 7000
      Message: The BCM42RLY service failed to start due to the following error:
      The system cannot find the file specified.
      Record Number: 4860
      Source Name: Service Control Manager
      Time Written: 20080718232959.000000-000
      Event Type: Error
      User:

      =====Application event log=====

      Computer Name: MikeD-PC
      Event Code: 10
      Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Record Number: 672
      Source Name: Microsoft-Windows-WMI
      Time Written: 20080721195821.000000-000
      Event Type: Error
      User:

      Computer Name: MikeD-PC
      Event Code: 10
      Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Record Number: 570
      Source Name: Microsoft-Windows-WMI
      Time Written: 20080720081152.000000-000
      Event Type: Error
      User:

      Computer Name: MikeD-PC
      Event Code: 1530
      Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

       DETAIL -
       16 user registry handles leaked from \Registry\User\S-1-5-21-1714680841-3676103711-380671668-1000:
      Process 576 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\trust
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\Disallowed
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\TrustedPeople
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\My
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\CA
      Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\Root

      Record Number: 542
      Source Name: Microsoft-Windows-User Profiles Service
      Time Written: 20080720080904.000000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: MikeD-PC
      Event Code: 6000
      Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
      Record Number: 541
      Source Name: Microsoft-Windows-Winlogon
      Time Written: 20080720080904.000000-000
      Event Type: Warning
      User:

      Computer Name: MikeD-PC
      Event Code: 6001
      Message: The winlogon notification subscriber <GPClient> failed a notification event.
      Record Number: 538
      Source Name: Microsoft-Windows-Winlogon
      Time Written: 20080720080902.000000-000
      Event Type: Warning
      User:

      =====Security event log=====

      Computer Name: MikeD-PC
      Event Code: 4648
      Message: A logon was attempted using explicit credentials.

      Subject:
         Security ID:      S-1-5-18
         Account Name:      MIKED-PC$
         Account Domain:      WORKGROUP
         Logon ID:      0x3e7
         Logon GUID:      {00000000-0000-0000-0000-000000000000}

      Account Whose Credentials Were Used:
         Account Name:      MikeD
         Account Domain:      MikeD-PC
         Logon GUID:      {00000000-0000-0000-0000-000000000000}

      Target Server:
         Target Server Name:   localhost
         Additional Information:   localhost

      Process Information:
         Process ID:      0x31c
         Process Name:      C:\Windows\System32\winlogon.exe

      Network Information:
         Network Address:   127.0.0.1
         Port:         0

      This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
      Record Number: 28349
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090714172401.962000-000
      Event Type: Audit Success
      User:

      Computer Name: MikeD-PC
      Event Code: 4672
      Message: Special privileges assigned to new logon.

      Subject:
         Security ID:      S-1-5-18
         Account Name:      SYSTEM
         Account Domain:      NT AUTHORITY
         Logon ID:      0x3e7

      Privileges:      SeAssignPrimaryTokenPrivilege
               SeTcbPrivilege
               SeSecurityPrivilege
               SeTakeOwnershipPrivilege
               SeLoadDriverPrivilege
               SeBackupPrivilege
               SeRestorePrivilege
               SeDebugPrivilege
               SeAuditPrivilege
               SeSystemEnvironmentPrivilege
               SeImpersonatePrivilege
      Record Number: 28348
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090714171222.215000-000
      Event Type: Audit Success
      User:

      Computer Name: MikeD-PC
      Event Code: 4624
      Message: An account was successfully logged on.

      Subject:
         Security ID:      S-1-5-18
         Account Name:      MIKED-PC$
         Account Domain:      WORKGROUP
         Logon ID:      0x3e7

      Logon Type:         5

      New Logon:
         Security ID:      S-1-5-18
         Account Name:      SYSTEM
         Account Domain:      NT AUTHORITY
         Logon ID:      0x3e7
         Logon GUID:      {00000000-0000-0000-0000-000000000000}

      Process Information:
         Process ID:      0x2b8
         Process Name:      C:\Windows\System32\services.exe

      Network Information:
         Workstation Name:   
         Source Network Address:   -
         Source Port:      -

      Detailed Authentication Information:
         Logon Process:      Advapi 
         Authentication Package:   Negotiate
         Transited Services:   -
         Package Name (NTLM only):   -
         Key Length:      0

      This event is generated when a logon session is created. It is generated on the computer that was accessed.

      The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

      The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

      The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

      The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

      The authentication information fields provide detailed information about this specific logon request.
         - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
         - Transited services indicate which intermediate services have participated in this logon request.
         - Package name indicates which sub-protocol was used among the NTLM protocols.
         - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
      Record Number: 28347
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090714171222.215000-000
      Event Type: Audit Success
      User:

      Computer Name: MikeD-PC
      Event Code: 4648
      Message: A logon was attempted using explicit credentials.

      Subject:
         Security ID:      S-1-5-18
         Account Name:      MIKED-PC$
         Account Domain:      WORKGROUP
         Logon ID:      0x3e7
         Logon GUID:      {00000000-0000-0000-0000-000000000000}

      Account Whose Credentials Were Used:
         Account Name:      SYSTEM
         Account Domain:      NT AUTHORITY
         Logon GUID:      {00000000-0000-0000-0000-000000000000}

      Target Server:
         Target Server Name:   localhost
         Additional Information:   localhost

      Process Information:
         Process ID:      0x2b8
         Process Name:      C:\Windows\System32\services.exe

      Network Information:
         Network Address:   -
         Port:         -

      This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
      Record Number: 28346
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090714171222.215000-000
      Event Type: Audit Success
      User:

      Computer Name: MikeD-PC
      Event Code: 4672
      Message: Special privileges assigned to new logon.

      Subject:
         Security ID:      S-1-5-18
         Account Name:      SYSTEM
         Account Domain:      NT AUTHORITY
         Logon ID:      0x3e7

      Privileges:      SeAssignPrimaryTokenPrivilege
               SeTcbPrivilege
               SeSecurityPrivilege
               SeTakeOwnershipPrivilege
               SeLoadDriverPrivilege
               SeBackupPrivilege
               SeRestorePrivilege
               SeDebugPrivilege
               SeAuditPrivilege
               SeSystemEnvironmentPrivilege
               SeImpersonatePrivilege
      Record Number: 28345
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090714161217.137000-000
      Event Type: Audit Success
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      "PROCESSOR_ARCHITECTURE"=x86
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "USERNAME"=SYSTEM
      "windir"=%SystemRoot%
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
      "PROCESSOR_REVISION"=0f0d
      "NUMBER_OF_PROCESSORS"=2
      "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
      "DFSTRACINGON"=FALSE
      "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

      -----------------EOF-----------------

      SuperDave

      • Malware Removal Specialist


      • Genius
      Re: Application cannot be executed. The file ----- is infected.
      « Reply #17 on: March 07, 2010, 12:56:02 PM »
      Quote
      There is one thing though. A message pops up from the bottom right icons every so often to tell me about start up programs that have been blocked. I was wondering if that's normal or not. But apart from that everything is wonderful so far.
      If this happens again, can you please get a screen print of the message? Could you please run ESET again as described in Reply #5?

      Windows 8 and Windows 10 dual boot with two SSD's

      mikedick88

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file ----- is infected.
        « Reply #18 on: March 08, 2010, 03:20:55 AM »
        The ESET scan said there were no threats detected and the start-up block was referring to Malwarebytes, so I just ran the program and it hasn't happened on a restart yet.

        SuperDave

        Re: Application cannot be executed. The file ----- is infected.
        « Reply #19 on: March 08, 2010, 01:15:22 PM »
        Ok Mike. If there are no other issues, it's time for some clean-up. You can uninstall HJT, RSIT and ESET. You may keep SAS and MBAM. Update them and run them every week or so to keep your computer clean.

        To uninstall ComboFix

        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
        • In the field, type in ComboFix /uninstall


        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

        • Then, press Enter, or click OK.
        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
        ==============================

        Clean out your temporary internet files and temp files.

        Download TFC by OldTimer to your desktop.

        Double-click TFC.exe to run it.

        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

        TFC will close all programs when run, so make sure you have saved all your work before you begin.

        * Click the Start button to begin the cleaning process.
        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
        * Please let TFC run uninterrupted until it is finished.

        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

        ==============================================

        Use the Secunia Software Inspector to check for out of date software.

        • Click Start Now

        • Check the box next to Enable thorough system inspection.

        • Click Start

        • Allow the scan to finish and scroll down to see if any updates are needed.
        • Update anything listed.
        ----------

        Go to Microsoft Windows Update and get all critical updates.

        ----------

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
        Safe Surfing!  ;D


        mikedick88

          Re: Application cannot be executed. The file ----- is infected.
          « Reply #20 on: March 09, 2010, 05:08:22 AM »
          OK, I downloaded all of that and everything is running just fine. I can't thank you enough. Have a good one, man.

          SuperDave

          Re: Application cannot be executed. The file ----- is infected.
          « Reply #21 on: March 09, 2010, 11:28:19 AM »
          You're Welcome. Stay clean. ;D