
Author Topic: Application cannot be executed. The file ----- is infected.  (Read 40112 times)


mikedick88

    Topic Starter


    Rookie

    Yes, I turned my BitDefender firewall off for a couple of days and all of a sudden I started getting a lot of pop-ups with that message and some anti-virus software that kept popping up. It was weird seeing as I didn't click on anything suspicious, but who knows. I have run rkill, SUPERAntiSpyware, Malwarebytes, and HijackThis. I just need someone to look at my logs and help me determine what needs to be taken out. Any help would be awesome and thank you so much in advance. PS. It was hard for a little bit to get the programs to stay open long enough to install and for rkill to stay open long enough to run, but I was able to stop the bogus messages and just need someone to look at my logs. Peace

    mikedick88

      Topic Starter


      Rookie

      Re: Application cannot be executed. The file ----- is infected.
      « Reply #1 on: March 03, 2010, 05:16:45 PM »
      Here are the logs that I have so far.

                                        EXEhelper

      exeHelper by Raktor
      Build 20091220
      Run at exeHelper by Raktor
      Build 20091220
      Run at 03:43:56 on 03/03/10
      Now searching...
      Checking for numerical processes...
      Checking for sysguard processes...
      Checking for bad processes...
      Checking for bad files...
      Checking for bad registry entries...
      Resetting filetype association for .exe
      Resetting filetype association for .com
      Resetting userinit and shell values...
      Resetting policies...
      --Finished--

      exeHelper by Raktor
      Build 20091220
      Run at 18:11:42 on 03/03/10
      Now searching...
      Checking for numerical processes...
      Checking for sysguard processes...
      Checking for bad processes...
      Checking for bad files...
      Checking for bad registry entries...
      Resetting filetype association for .exe
      Resetting filetype association for .com
      Resetting userinit and shell values...
      Resetting policies...
      --Finished--

                                                                         Superantispyware

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 03/03/2010 at 06:17 AM

      Application Version : 4.34.1000

      Core Rules Database Version : 4634
      Trace Rules Database Version: 2446

      Scan type       : Complete Scan
      Total Scan Time : 02:25:37

      Memory items scanned      : 637
      Memory threats detected   : 0
      Registry items scanned    : 6397
      Registry threats detected : 1
      File items scanned        : 137599
      File threats detected     : 5

      Adware.Tracking Cookie
         C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
         C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Cookies\Low\miked@apartmentfinder[2].txt
         C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
         C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
         C:\Users\MikeD\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt

      Rogue.AntivirusSoft
         HKU\S-1-5-21-1714680841-3676103711-380671668-1000\Software\avsoft

                                                                       MBAM Log


      Malwarebytes' Anti-Malware 1.44
      Database version: 3740
      Windows 6.0.6001 Service Pack 1
      Internet Explorer 7.0.6001.18000

      3/3/2010 4:52:24 PM
      mbam-log-2010-03-03 (16-52-24).txt

      Scan type: Quick Scan
      Objects scanned: 121952
      Time elapsed: 7 minute(s), 22 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pulcvwtu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Users\MikeD\AppData\Local\nfcyye\atvssftav.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

                                                                        Hijackthis Log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:13:36 PM, on 3/3/2010
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18349)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\System32\WLTRAY.EXE
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
      C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Windows\ehome\ehtray.exe
      C:\Users\MikeD\Program Files\DNA\btdna.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\System32\notepad.exe
      C:\Windows\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\sniper.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
      O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\MikeD\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
      O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
      O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
      O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

      --
      End of file - 8481 bytes

      SuperDave

      • Malware Removal Specialist


      • Genius
      Re: Application cannot be executed. The file ----- is infected.
      « Reply #2 on: March 04, 2010, 08:26:20 AM »
      Hello mikedick88 and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      I noticed in your HJT log that you are running a P2P file-sharing program (BitTorrent) on your computer. While the program itself is probably safe, the files you download with this program are a major source of infections. Therefore, I strongly urge you to uninstall it.

      =============================
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      =========================================

      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      link #2

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts. (You will receive a UAC prompt; please allow it.)

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Windows 8 and Windows 10 dual boot with two SSD's
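
Several of the entries listed in the reply above share patterns that can be picked out of a HijackThis log mechanically: targets marked `(no file)` or `(file missing)`, a `ProxyServer` value pointing at a loopback address, and a populated `AppInit_DLLs` value. The following is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample lines are copied from the log posted in Reply #1.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in Reply #1 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# A HijackThis entry line: section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")


def proxy_hosts(value):
    """Extract hosts from a ProxyServer string such as
    'http=127.0.0.1:5555;https=10.0.0.1:8080' or 'proxy:8080'.
    Handles host names and IPv4 only."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        hostport = part.split("=", 1)[-1]            # drop optional 'scheme='
        hostport = re.sub(r"^[a-z]+://", "", hostport, flags=re.I)
        hosts.append(hostport.rsplit(":", 1)[0] if ":" in hostport else hostport)
    return hosts


def is_loopback(host):
    """True for 'localhost' or any address in 127.0.0.0/8."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (section, reason, body) for every line worth a manual look.
    This only flags entries for review; it does not decide what to remove."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        section, body = match.groups()
        if ORPHAN_RE.search(body):
            # Registry entry still registered, target file gone.
            findings.append((section, "orphan", body))
        elif section in ("R0", "R1") and ",ProxyServer = " in body:
            value = body.split(" = ", 1)[1]
            if any(is_loopback(h) for h in proxy_hosts(value)):
                # Browser traffic is routed through a local listener.
                findings.append((section, "loopback-proxy", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                # Listed DLLs are loaded into every process that loads user32.dll.
                findings.append((section, "appinit-dlls", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<16}{body}")
```

A populated `AppInit_DLLs` value or a loopback proxy can also belong to legitimate security software, so each flagged line still needs the kind of manual review done in the reply above.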

      mikedick88

        Topic Starter


        Rookie

        Re: Application cannot be executed. The file ----- is infected.
        « Reply #3 on: March 04, 2010, 01:39:11 PM »
        OK, I did the scans and here are the logs, but I couldn't turn Kaspersky off because I deleted it a long time ago along with BitTorrent, or so I thought, and I couldn't find any Kaspersky files when doing a search through my C: drive. So any suggestions on that, and I really appreciate this.

                                                                  HJT

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 2:35:38 PM, on 3/4/2010
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18349)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Program Files\DellTPad\Apoint.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
        C:\Windows\System32\WLTRAY.EXE
        C:\Program Files\Dell\MediaDirect\PCMService.exe
        C:\Program Files\Dell Support Center\bin\sprtcmd.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
        C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
        C:\Windows\ehome\ehtray.exe
        C:\Users\MikeD\Program Files\DNA\btdna.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\Dell\QuickSet\quickset.exe
        C:\Program Files\DellTPad\ApMsgFwd.exe
        C:\Program Files\DellTPad\HidFind.exe
        C:\Program Files\DellTPad\Apntex.exe
        C:\Windows\system32\wuauclt.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.exe
        C:\Windows\system32\notepad.exe
        C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\sniper.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
        O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
        O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
        O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
        O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
        O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
        O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
        O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
        O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\MikeD\Program Files\DNA\btdna.exe"
        O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
        O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
        O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
        O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
        O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
        O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
        O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
        O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
        O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
        O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
        O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

        --
        End of file - 6980 bytes

                                                                              Combo

        ComboFix 10-03-04.01 - MikeD 03/04/2010  14:12:01.2.2 - x86
        Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2037.950 [GMT -6:00]
        Running from: c:\users\MikeD\Downloads\ComboFix.exe
        AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
        AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
        FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
        FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
        SP: BitDefender Antispyware *disabled* (Outdated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
        SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
        SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        ---- Previous Run -------
        .
        C:\install.exe
        c:\progra~1\BITDEF~1\BITDEF~2\ntSVc.ocx
        c:\windows\system32\logs\service_log.txt
        c:\windows\system32\oem7.inf
        c:\windows\system32\stacsv.exe

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_STacSV


        (((((((((((((((((((((((((   Files Created from 2010-02-04 to 2010-03-04  )))))))))))))))))))))))))))))))
        .

        2010-03-04 20:23 . 2010-03-04 20:24   --------   d-----w-   c:\users\MikeD\AppData\Local\temp
        2010-03-04 20:23 . 2010-03-04 20:23   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
        2010-03-04 20:23 . 2010-03-04 20:23   --------   d-----w-   c:\users\Mcx1.MikeD-PC\AppData\Local\temp
        2010-03-04 20:23 . 2010-03-04 20:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2010-03-03 23:20 . 2010-03-03 23:20   --------   d-----w-   c:\program files\Trend Micro
        2010-03-03 22:33 . 2010-03-03 22:33   52224   ----a-w-   c:\users\MikeD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-03-03 22:33 . 2010-03-03 22:33   117760   ----a-w-   c:\users\MikeD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-03-03 10:36 . 2010-03-03 10:36   --------   d-----w-   c:\users\MikeD\AppData\Roaming\Malwarebytes
        2010-03-03 10:35 . 2010-01-07 22:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-03-03 10:35 . 2010-03-03 10:35   --------   d-----w-   c:\programdata\Malwarebytes
        2010-03-03 10:35 . 2010-01-07 22:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-03-03 10:35 . 2010-03-03 10:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-03-03 09:46 . 2010-03-03 09:46   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2010-03-03 09:46 . 2010-03-03 09:46   65024   ----a-r-   c:\users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
        2010-03-03 09:46 . 2010-03-03 09:46   5120   ----a-r-   c:\users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
        2010-03-03 09:46 . 2010-03-03 09:46   18944   ----a-r-   c:\users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
        2010-03-03 09:46 . 2010-03-03 09:46   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-03-03 09:46 . 2010-03-03 09:46   --------   d-----w-   c:\users\MikeD\AppData\Roaming\SUPERAntiSpyware.com
        2010-03-03 09:35 . 2010-03-03 09:35   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2010-03-03 07:18 . 2010-03-03 22:52   --------   d-----w-   c:\users\MikeD\AppData\Local\nfcyye
        2010-02-27 10:52 . 2008-08-26 15:35   9117008   ----a-w-   c:\users\MikeD\AppData\Roaming\TomTom\HOME\Profiles\pag9347p.default\extensions\[email protected]\8-016-9380-1.dll

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-03-04 20:22 . 2008-07-23 08:30   132593696   --sha-w-   c:\windows\system32\drivers\fidbox.dat
        2010-03-04 20:21 . 2008-07-22 08:37   --------   d-----w-   c:\users\MikeD\AppData\Roaming\DNA
        2010-03-04 00:51 . 2009-05-19 10:57   --------   d-----w-   c:\program files\Steam
        2010-03-04 00:47 . 2008-07-23 08:30   1554656   --sha-w-   c:\windows\system32\drivers\fidbox.idx
        2010-03-03 23:52 . 2009-05-19 10:57   --------   d-----w-   c:\program files\Common Files\Steam
        2010-03-03 08:47 . 2008-07-20 02:15   --------   d-----w-   c:\users\MikeD\AppData\Roaming\LimeWire
        2010-03-03 07:46 . 2008-12-28 22:19   --------   d-----w-   c:\users\MikeD\AppData\Roaming\Azureus
        2010-02-12 18:49 . 2008-07-19 02:24   --------   d-----w-   c:\programdata\Roxio
        2010-02-12 09:51 . 2008-12-28 22:19   --------   d-----w-   c:\program files\Vuze
        2010-02-12 09:51 . 2008-12-29 21:22   175   ----a-w-   c:\users\MikeD\AppData\Roaming\Azureus\restart.bat
        2010-01-13 09:04 . 2009-08-07 21:28   --------   d-----w-   c:\programdata\Microsoft Help
        2010-01-13 09:03 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
        2008-08-14 00:02 . 2008-08-14 00:02   35840   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
        2008-06-24 02:36 . 2008-06-24 02:36   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
        "BitTorrent DNA"="c:\users\MikeD\Program Files\DNA\btdna.exe" [2009-11-07 323392]
        "Steam"="c:\program files\Steam\Steam.exe" [2010-03-03 1217872]
        "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
        "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
        "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
        "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
        "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
        "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
        "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
        "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
        "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-15 716800]
        "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-11 69632]
        "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-23 50688]
        QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
        2008-06-24 00:12   10536   ----a-w-   c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "mixer1"=wdmaud.drv

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
        "AntiVirusOverride"=dword:00000001

        R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
        R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
        S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
        S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
        S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
        S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
        S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-05-26 111112]
        S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
        S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]


        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bdx   REG_MULTI_SZ      scan
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
        uInternet Settings,ProxyOverride = <local>
        IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        FF - ProfilePath - c:\users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\62nsu96w.default\
        FF - prefs.js: browser.startup.homepage - www.google.com
        FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
        FF - plugin: c:\users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\62nsu96w.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
        FF - plugin: c:\users\MikeD\Program Files\DNA\plugins\npbtdna.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        .
        - - - - ORPHANS REMOVED - - - -

        AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-03-04 14:24
        Windows 6.0.6001 Service Pack 1 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        Completion time: 2010-03-04  14:28:38
        ComboFix-quarantined-files.txt  2010-03-04 20:28

        Pre-Run: 92,480,024,576 bytes free
        Post-Run: 92,420,599,808 bytes free

        - - End Of File - - 9F379B4348A6A9ED326094694042DA80

        mikedick88

          Topic Starter


          Rookie

          Re: Application cannot be executed. The file ----- is infected.
          « Reply #4 on: March 04, 2010, 01:49:34 PM »
          Also, after ComboFix finished, every time I click on a program it gives me, "Illegal operation attempted on a registry key that has been marked for deletion." The program works if I run it as administrator, but do I just need to restart my computer or what?

          Disregard this, I just restarted and everything is fine.
          « Last Edit: March 04, 2010, 02:00:39 PM by mikedick88 »

          SuperDave

          • Malware Removal Specialist


          Re: Application cannot be executed. The file ----- is infected.
          « Reply #5 on: March 04, 2010, 08:06:57 PM »
          The log shows that your BitDefender Anti-Virus is out-dated. It is important that you have it updated ASAP. Kaspersky Internet Security is still showing on your computer. Try this to get rid of it.

          Add or Remove Programs

          1. Click on the Windows Start button and click on the Control Panel
          2. In the Control Panel window, double-click Add or Remove Programs icon.
          3. When the Add or Remove Programs window has fully populated, check for Kaspersky Internet Security and uninstall it. 

          If that doesn't work, try this.

          •Kaspersky Anti-virus Removal Tool - KAVRemover

          ================================

          ESET Online Scan

          Scan your computer with the ESET FREE Online Virus Scan

          * Click the ESET Online Scanner button.

          * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
          * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
          * Place a check mark next to YES, I accept the Terms of Use.

          * Click the Start button.
          * Accept any security warnings from your browser.
          * Leave the check mark next to Remove found threats and place a check next to Scan archives.
          * Click the Start button.
          * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
          * When the scan completes, click List of found threats.
          * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
          * Click the <<Back button then click Finish.

          In your next reply please include the ESET Online Scan Log

          Windows 8 and Windows 10 dual boot with two SSD's
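
Added example (not part of the original thread, and not code from ComboFix or from the helper): a Python example of how the two observations in the reply above, the outdated BitDefender and the leftover Kaspersky components, can be read from ComboFix log lines. The sample lines are excerpted from the ComboFix logs posted in this thread; the regular expressions, the `KNOWN_VENDORS` list and the function name `triage` are assumptions made for this illustration.

```python
import re

# Lines excerpted from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *disabled* (Outdated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 16:15:58 12872]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 19:59:16 20760]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 23:54:44 102208]
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
"""

# Assumption for this example: vendor names to look for; extend as needed.
KNOWN_VENDORS = ("BitDefender", "Kaspersky", "Symantec",
                 "SUPERAntiSpyware", "Windows Defender")

# "AV:" / "FW:" / "SP:" header lines:
#   kind: product name *state* (Outdated|Updated) {GUID}
# The (Outdated|Updated) part is absent on firewall lines.
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<defs>Outdated|Updated)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

# Driver/service lines: code, then name;display name;path [timestamp size].
# The leading letter and digit are captured as-is, not interpreted.
SERVICE_RE = re.compile(
    r"^(?P<code>[RS][0-4]) (?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[[^\]]*\]$"
)


def triage(log_text):
    """Split a ComboFix log into registered security products and other
    entries, then report outdated/disabled products and leftovers."""
    products, other = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.append(m.groupdict())
        else:
            other.append(line)

    # Outdated definitions are a finding on their own.
    outdated = [p for p in products if p["defs"] == "Outdated"]
    # "disabled" can be temporary: ComboFix asks for the antivirus to be
    # turned off while it runs, so treat this list as a reminder to re-enable.
    disabled = [p for p in products if "disabled" in p["state"].lower()]

    # A vendor that shows up in drivers or browser entries but has no
    # registered product is a candidate leftover from an old install.
    registered = " ".join(p["name"] for p in products).lower()
    leftovers = []
    for line in other:
        low = line.lower()
        for vendor in KNOWN_VENDORS:
            v = vendor.lower()
            if v in low and v not in registered:
                svc = SERVICE_RE.match(line)
                leftovers.append({
                    "vendor": vendor,
                    "service": svc["svc"] if svc else None,
                    "line": line,
                })
                break  # one finding per line is enough

    return {"products": products, "outdated": outdated,
            "disabled": disabled, "leftovers": leftovers}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for p in report["outdated"]:
        print(f"OUTDATED  {p['kind']} {p['name']}")
    for p in report["disabled"]:
        print(f"DISABLED  {p['kind']} {p['name']} ({p['state']})")
    for item in report["leftovers"]:
        what = item["service"] or "non-service entry"
        print(f"LEFTOVER  {item['vendor']}: {what}")
```
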

          mikedick88

            Topic Starter


            Rookie

            Re: Application cannot be executed. The file ----- is infected.
            « Reply #6 on: March 05, 2010, 03:52:36 AM »
            OK, I have the log, and I tried both of the methods for removing Kaspersky, but there was no sign of it in the Control Panel and the remover tool said that no Kaspersky software was detected, so I don't know on that one.

                                                                                ESET

            C:\Users\MikeD\Documents\Azureus Downloads\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III  Reign Of Chaos Keygen.exe   probably a variant of Win32/IRCBot trojan   deleted - quarantined
            C:\Users\MikeD\Documents\LimeWire\Incomplete\T-5999329-hip hop 2 small tyme ballaz (new album).mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan   cleaned - quarantined
            C:\Users\MikeD\Downloads\exeHelper.com   probably a variant of Win32/Agent trojan   cleaned by deleting - quarantined

            SuperDave

            • Malware Removal Specialist


            Re: Application cannot be executed. The file ----- is infected.
            « Reply #7 on: March 05, 2010, 12:16:16 PM »
            As you can see from the ESET scan, the P2P programs you are running are infecting your computer. Therefore, I want to urge you again to uninstall such programs. There is still evidence of Limewire and Azureus, also known as Vuze.
            ======================================

            Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code:
            KillAll::

            SecCenter::

            {2C4D4BC6-0793-4956-A9F9-E252435469C0}
            {2C4D4BC6-0793-4956-A9F9-E252435469C0}
            {2C4D4BC6-0793-4956-A9F9-E252435469C0}

            DDS::
            IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
            File::
            c:\windows\system32\drivers\fidbox.dat
            c:\windows\system32\drivers\fidbox.idx


            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze


            mikedick88

              Topic Starter


              Rookie

              Re: Application cannot be executed. The file ----- is infected.
              « Reply #8 on: March 05, 2010, 02:56:25 PM »
              Every time that I click the combofix.exe from my downloads it basically tells me to turn off my antivirus software and basically goes straight into the scan. There is no install or an icon on my desktop, and I can't select run as an admin. I tried dropping the CFScript file into the ComboFix icon in the download window but nothing happens.

              mikedick88

                Topic Starter


                Rookie

                Re: Application cannot be executed. The file ----- is infected.
                « Reply #9 on: March 05, 2010, 03:01:07 PM »
                Scratch that, I just entered combofix into Run and was able to create a shortcut and run as admin. I dragged the CFScript file into the icon and it is now scanning.

                mikedick88

                  Topic Starter


                  Rookie

                  Re: Application cannot be executed. The file ----- is infected.
                  « Reply #10 on: March 05, 2010, 03:50:29 PM »
                  OK, I have removed both LimeWire and Vuze, and here is the ComboFix log.

                                                                             Combofix

                  ComboFix 10-03-05.01 - MikeD 03/05/2010  16:04:47.3.2 - x86
                  Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2037.861 [GMT -6:00]
                  Running from: C:\Users\MikeD\Downloads\ComboFix.exe
                  Command switches used :: C:\Users\MikeD\Desktop\CFScript.txt
                  AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                  FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
                  SP: BitDefender Antispyware *disabled* (Outdated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
                  SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
                  SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

                  FILE ::
                  "c:\windows\system32\drivers\fidbox.dat"
                  "c:\windows\system32\drivers\fidbox.idx"
                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\windows\system32\drivers\fidbox.dat . . . . failed to delete
                  c:\windows\system32\drivers\fidbox.idx . . . . failed to delete

                  .
                  (((((((((((((((((((((((((   Files Created from 2010-02-05 to 2010-03-05  )))))))))))))))))))))))))))))))
                  .

                  2010-03-05 22:16:48 . 2010-03-05 22:21:40   --------   d-----w-   C:\Users\MikeD\AppData\Local\temp
                  2010-03-05 22:16:48 . 2010-03-05 22:16:48   --------   d-----w-   C:\Users\Public\AppData\Local\temp
                  2010-03-05 22:16:48 . 2010-03-05 22:16:48   --------   d-----w-   C:\Users\Mcx1\AppData\Local\temp
                  2010-03-05 22:16:48 . 2010-03-05 22:16:48   --------   d-----w-   C:\Users\Mcx1.MikeD-PC\AppData\Local\temp
                  2010-03-05 22:16:48 . 2010-03-05 22:16:48   --------   d-----w-   C:\Users\Default\AppData\Local\temp
                  2010-03-05 11:03:06 . 2010-03-05 11:02:25   411368   ----a-w-   C:\Windows\system32\deploytk.dll
                  2010-03-05 08:47:17 . 2010-03-05 08:47:17   --------   d-----w-   C:\Program Files\ESET
                  2010-03-03 23:20:30 . 2010-03-03 23:20:30   --------   d-----w-   C:\Program Files\Trend Micro
                  2010-03-03 10:36:05 . 2010-03-03 10:36:05   --------   d-----w-   C:\Users\MikeD\AppData\Roaming\Malwarebytes
                  2010-03-03 10:35:48 . 2010-01-07 22:07:14   38224   ----a-w-   C:\Windows\system32\drivers\mbamswissarmy.sys
                  2010-03-03 10:35:37 . 2010-03-03 10:35:37   --------   d-----w-   C:\ProgramData\Malwarebytes
                  2010-03-03 10:35:36 . 2010-01-07 22:07:04   19160   ----a-w-   C:\Windows\system32\drivers\mbam.sys
                  2010-03-03 10:35:34 . 2010-03-03 10:35:56   --------   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
                  2010-03-03 09:46:42 . 2010-03-03 09:46:42   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
                  2010-03-03 09:46:19 . 2010-03-03 09:46:21   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
                  2010-03-03 09:46:19 . 2010-03-03 09:46:19   --------   d-----w-   C:\Users\MikeD\AppData\Roaming\SUPERAntiSpyware.com
                  2010-03-03 09:35:09 . 2010-03-03 09:35:09   --------   d-----w-   C:\Program Files\Common Files\Wise Installation Wizard
                  2010-03-03 07:18:27 . 2010-03-03 22:52:24   --------   d-----w-   C:\Users\MikeD\AppData\Local\nfcyye

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2010-03-05 22:24:51 . 2008-07-23 08:30:39   137443360   ----a-w-   C:\Windows\system32\drivers\fidbox.dat
                  2010-03-05 22:23:51 . 2009-05-19 10:57:32   --------   d-----w-   C:\Program Files\Steam
                  2010-03-05 22:17:23 . 2008-07-23 08:30:39   1612568   ------w-   C:\Windows\system32\drivers\fidbox.idx
                  2010-03-05 11:08:08 . 2008-07-20 02:15:43   --------   d-----w-   C:\Users\MikeD\AppData\Roaming\LimeWire
                  2010-03-05 11:03:48 . 2008-06-23 23:54:05   --------   d-----w-   C:\Program Files\Common Files\Java
                  2010-03-05 11:02:19 . 2008-06-23 23:54:06   --------   d-----w-   C:\Program Files\Java
                  2010-03-05 10:50:41 . 2008-12-28 22:19:42   --------   d-----w-   C:\Users\MikeD\AppData\Roaming\Azureus
                  2010-03-03 23:52:40 . 2009-05-19 10:57:34   --------   d-----w-   C:\Program Files\Common Files\Steam
                  2010-03-03 22:33:15 . 2010-03-03 22:33:15   52224   ----a-w-   C:\Users\MikeD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                  2010-03-03 22:33:12 . 2010-03-03 22:33:12   117760   ----a-w-   C:\Users\MikeD\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                  2010-03-03 09:46:25 . 2010-03-03 09:46:25   65024   ----a-r-   C:\Users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
                  2010-03-03 09:46:25 . 2010-03-03 09:46:25   5120   ----a-r-   C:\Users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
                  2010-03-03 09:46:25 . 2010-03-03 09:46:25   18944   ----a-r-   C:\Users\MikeD\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
                  2010-02-12 18:49:18 . 2008-07-19 02:24:54   --------   d-----w-   C:\ProgramData\Roxio
                  2010-02-12 09:51:58 . 2008-12-28 22:19:09   --------   d-----w-   C:\Program Files\Vuze
                  2010-02-12 09:51:48 . 2008-12-29 21:22:56   175   ----a-w-   C:\Users\MikeD\AppData\Roaming\Azureus\restart.bat
                  2010-01-13 09:04:36 . 2009-08-07 21:28:43   --------   d-----w-   C:\ProgramData\Microsoft Help
                  2010-01-13 09:03:08 . 2006-11-02 11:18:33   --------   d-----w-   C:\Program Files\Windows Mail
                  2008-08-14 00:02:10 . 2008-08-14 00:02:10   35840   ----a-w-   C:\Program Files\mozilla firefox\components\FFComm.dll
                  2008-06-24 02:36:21 . 2008-06-24 02:36:20   8192   --sha-w-   C:\Windows\Users\Default\NTUSER.DAT
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 16:13:58 206064]
                  "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
                  "Steam"="C:\Program Files\Steam\Steam.exe" [2010-03-03 22:30:25 1217872]
                  "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 11:31:12 247144]
                  "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 17:02:04 2356088]
                  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
                  "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 09:25:26 167936]
                  "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 07:58:24 141848]
                  "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 07:58:10 166424]
                  "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 07:58:14 133656]
                  "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 18:00:00 174872]
                  "Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-05-19 06:26:20 3444736]
                  "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 17:44:42 16384]
                  "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 15:58:06 184320]
                  "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 16:13:58 206064]
                  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 07:04:34 39792]
                  "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 20:44:48 405504]
                  "BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-08-15 01:14:28 716800]
                  "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-11 04:53:30 69632]
                  "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 22:07:10 1394000]
                  "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 17:43:18 248040]

                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
                  Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-6-23 50688]
                  QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableUIADesktopToggle"= 0 (0x0)

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2009-09-03 20:21:42   548352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
                  2008-06-24 00:12:07   10536   ----a-w-   C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                  "mixer1"=wdmaud.drv

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                  @="Driver"

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
                  "DisableMonitoring"=dword:00000001

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
                  "AntiVirusOverride"=dword:00000001

                  R3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 18:06:56 118784]
                  R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 16:15:58 12872]
                  S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 19:59:16 20760]
                  S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 16:25:50 12872]
                  S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 16:15:58 66632]
                  S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 20:31:10 73728]
                  S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 18:07:02 82568]
                  S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 11:31:14 92008]
                  S3 bdfm;bdfm;C:\Windows\system32\drivers\bdfm.sys [2009-05-26 02:45:49 111112]
                  S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 23:54:44 102208]
                  S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 07:58:44 111616]


                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  bdx   REG_MULTI_SZ      scan
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
                  uInternet Settings,ProxyOverride = <local>
                  IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  FF - ProfilePath - C:\Users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\62nsu96w.default\
                  FF - prefs.js: browser.startup.homepage - www.google.com
                  FF - component: C:\Program Files\Mozilla Firefox\components\FFComm.dll
                  FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
                  FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
                  FF - plugin: C:\Users\MikeD\AppData\Roaming\Mozilla\Firefox\Profiles\62nsu96w.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
                  .

                  SuperDave

                  • Malware Removal Specialist


                  Re: Application cannot be executed. The file ----- is infected.
                  « Reply #11 on: March 05, 2010, 07:18:04 PM »
                  That looks good. How's your computer running?

                  mikedick88

                    Topic Starter


                    Rookie

                    Re: Application cannot be executed. The file ----- is infected.
                    « Reply #12 on: March 06, 2010, 12:37:48 AM »
                    It's definitely doing a lot better. I haven't seen any sign of the problems since we started.

                    mikedick88

                      Topic Starter


                      Rookie

                      Re: Application cannot be executed. The file ----- is infected.
                      « Reply #13 on: March 06, 2010, 02:16:36 AM »
                      There is one thing though. A message pops up from the bottom right icons every so often to tell me about start up programs that have been blocked. I was wondering if that's normal or not. But apart from that everything is wonderful so far.

                      SuperDave

                      • Malware Removal Specialist


                      Re: Application cannot be executed. The file ----- is infected.
                      « Reply #14 on: March 06, 2010, 01:35:55 PM »
                      Let's try this tool.

                      Download random's system information tool (RSIT) by random/random from here and save it to your Desktop.

                      • Double click on RSIT.exe to run. (Vista users: right-click and run as Administrator.)

                      • Click Continue at the disclaimer screen.

                      • Once it has finished, two logs will open:
                      log.txt (will be maximized) and info.txt (will be minimized).

                      • Please post the contents of both logs in the next reply.
                      Windows 8 and Windows 10 dual boot with two SSD's

                      mikedick88

                        Topic Starter


                        Rookie

                        Re: Application cannot be executed. The file ----- is infected.
                        « Reply #15 on: March 07, 2010, 01:37:45 AM »
                        Ok here are the two logs good sir.

                                                                                         Log.txt

                        Logfile of random's system information tool 1.06 (written by random/random)
                        Run by MikeD at 2010-03-07 02:29:54
                        Microsoft® Windows Vista™ Home Premium  Service Pack 2
                        System drive C: has 85 GB (61%) free of 140 GB
                        Total RAM: 2037 MB (46% free)

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 2:30:03 AM, on 3/7/2010
                        Platform: Windows Vista SP2 (WinNT 6.00.1906)
                        MSIE: Internet Explorer v7.00 (7.00.6002.18005)
                        Boot mode: Normal

                        Running processes:
                        C:\Windows\system32\taskeng.exe
                        C:\Windows\system32\Dwm.exe
                        C:\Windows\Explorer.EXE
                        C:\Program Files\DellTPad\Apoint.exe
                        C:\Windows\System32\igfxtray.exe
                        C:\Windows\System32\hkcmd.exe
                        C:\Windows\System32\igfxpers.exe
                        C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                        C:\Windows\system32\igfxsrvc.exe
                        C:\Windows\System32\WLTRAY.EXE
                        C:\Program Files\Dell\MediaDirect\PCMService.exe
                        C:\Program Files\Dell Support Center\bin\sprtcmd.exe
                        C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
                        C:\Program Files\Common Files\Java\Java Update\jusched.exe
                        C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
                        C:\Windows\ehome\ehtray.exe
                        C:\Program Files\Windows Media Player\wmpnscfg.exe
                        C:\Program Files\Digital Line Detect\DLG.exe
                        C:\Program Files\Dell\QuickSet\quickset.exe
                        C:\Program Files\DellTPad\ApMsgFwd.exe
                        C:\Program Files\DellTPad\HidFind.exe
                        C:\Program Files\DellTPad\Apntex.exe
                        C:\Windows\ehome\ehmsas.exe
                        C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
                        C:\Program Files\Mozilla Firefox\firefox.exe
                        C:\Program Files\Windows Media Player\wmplayer.exe
                        C:\Users\MikeD\Downloads\RSIT.exe
                        C:\Program Files\Trend Micro\HijackThis\MikeD.exe

                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
                        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
                        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
                        O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
                        O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
                        O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
                        O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
                        O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
                        O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
                        O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
                        O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
                        O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
                        O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
                        O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
                        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
                        O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
                        O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
                        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
                        O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
                        O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
                        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                        O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
                        O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
                        O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
                        O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
                        O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                        O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                        O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
                        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
                        O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
                        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
                        O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
                        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

                        --
                        End of file - 6568 bytes

                        ======Registry dump======

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
                        Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
                        CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
                        Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                        {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
                        "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
                        "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-05-04 167936]
                        "IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-06 141848]
                        "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-06 166424]
                        "Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-06 133656]
                        "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
                        "Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-05-19 3444736]
                        "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
                        "PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
                        "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
                        "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
                        "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-08-14 716800]
                        "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
                        "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
                        "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
                        "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]

                        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
                        "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
                        "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
                        "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
                        "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]
                        "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
                        Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
                        QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
                        C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
                        C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-06-23 10536]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
                        C:\Windows\system32\igfxdev.dll [2008-03-06 200704]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
                        "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
                        "dontdisplaylastusername"=0
                        "legalnoticecaption"=
                        "legalnoticetext"=
                        "shutdownwithoutlogon"=1
                        "undockwithoutlogon"=1
                        "EnableUIADesktopToggle"=0

                        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
                        "NoDrives"=0

                        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
                        "NoDrives"=
                        "BindDirectlyToPropertySetStorage"=

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
                        "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

                        ======List of files/folders created in the last 1 months======

                        2010-03-07 02:29:54 ----D---- C:\rsit
                        2010-03-06 16:19:46 ----D---- C:\Windows\system32\eu-ES
                        2010-03-06 16:19:46 ----D---- C:\Windows\system32\ca-ES
                        2010-03-06 16:19:45 ----D---- C:\Windows\system32\vi-VN
                        2010-03-06 16:17:08 ----A---- C:\Windows\system32\stacsv.exe
                        2010-03-06 08:06:56 ----D---- C:\ProgramData\Office Genuine Advantage
                        2010-03-05 16:26:42 ----A---- C:\Windows\system32\ntkrnlpa.exe
                        2010-03-05 16:26:41 ----A---- C:\Windows\system32\ntoskrnl.exe
                        2010-03-05 16:20:35 ----SHD---- C:\$RECYCLE.BIN
                        2010-03-05 16:02:14 ----D---- C:\ComboFix
                        2010-03-05 16:01:46 ----A---- C:\Windows\SWXCACLS.exe
                        2010-03-05 05:03:59 ----D---- C:\ProgramData\Sun
                        2010-03-05 05:03:06 ----A---- C:\Windows\system32\javaws.exe
                        2010-03-05 05:03:06 ----A---- C:\Windows\system32\javaw.exe
                        2010-03-05 05:03:06 ----A---- C:\Windows\system32\java.exe
                        2010-03-05 05:03:06 ----A---- C:\Windows\system32\deploytk.dll
                        2010-03-05 02:47:17 ----D---- C:\Program Files\ESET
                        2010-03-03 18:22:48 ----A---- C:\Windows\zip.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\SWSC.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\SWREG.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\sed.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\PEV.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\NIRCMD.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\MBR.exe
                        2010-03-03 18:22:48 ----A---- C:\Windows\grep.exe
                        2010-03-03 18:22:37 ----D---- C:\Windows\ERDNT
                        2010-03-03 18:18:08 ----D---- C:\Qoobox
                        2010-03-03 17:20:30 ----D---- C:\Program Files\Trend Micro
                        2010-03-03 04:36:05 ----D---- C:\Users\MikeD\AppData\Roaming\Malwarebytes
                        2010-03-03 04:35:37 ----D---- C:\ProgramData\Malwarebytes
                        2010-03-03 04:35:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
                        2010-03-03 03:46:42 ----D---- C:\ProgramData\SUPERAntiSpyware.com
                        2010-03-03 03:46:19 ----D---- C:\Users\MikeD\AppData\Roaming\SUPERAntiSpyware.com
                        2010-03-03 03:46:19 ----D---- C:\Program Files\SUPERAntiSpyware
                        2010-03-03 03:35:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
                        2010-02-24 04:25:25 ----A---- C:\Windows\system32\tzres.dll
                        2010-02-24 04:24:46 ----A---- C:\Windows\system32\RMActivate_isv.exe
                        2010-02-24 04:24:46 ----A---- C:\Windows\system32\RMActivate.exe
                        2010-02-24 04:24:45 ----A---- C:\Windows\system32\secproc_isv.dll
                        2010-02-24 04:24:45 ----A---- C:\Windows\system32\secproc.dll
                        2010-02-24 04:24:44 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
                        2010-02-24 04:24:44 ----A---- C:\Windows\system32\RMActivate_ssp.exe
                        2010-02-24 04:24:43 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
                        2010-02-24 04:24:43 ----A---- C:\Windows\system32\secproc_ssp.dll
                        2010-02-24 04:24:43 ----A---- C:\Windows\system32\msdrm.dll
                        2010-02-10 16:28:10 ----A---- C:\Windows\system32\tsbyuv.dll
                        2010-02-10 16:28:10 ----A---- C:\Windows\system32\quartz.dll
                        2010-02-10 16:28:09 ----A---- C:\Windows\system32\msyuv.dll
                        2010-02-10 16:28:09 ----A---- C:\Windows\system32\msvidc32.dll
                        2010-02-10 16:28:09 ----A---- C:\Windows\system32\msrle32.dll
                        2010-02-10 16:28:09 ----A---- C:\Windows\system32\iyuv_32.dll
                        2010-02-10 16:28:08 ----A---- C:\Windows\system32\msvfw32.dll
                        2010-02-10 16:28:08 ----A---- C:\Windows\system32\mciavi32.dll
                        2010-02-10 16:28:08 ----A---- C:\Windows\system32\avifil32.dll

                        ======List of files/folders modified in the last 1 months======

                        2010-03-07 02:30:03 ----D---- C:\Windows\Prefetch
                        2010-03-07 02:29:40 ----D---- C:\Windows\Temp
                        2010-03-06 17:12:35 ----D---- C:\Windows\Microsoft.NET
                        2010-03-06 17:11:56 ----RSD---- C:\Windows\assembly
                        2010-03-06 16:40:57 ----D---- C:\Windows\rescache
                        2010-03-06 16:32:30 ----D---- C:\Windows\System32
                        2010-03-06 16:32:30 ----D---- C:\Windows\inf
                        2010-03-06 16:32:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
                        2010-03-06 16:28:47 ----D---- C:\Windows
                        2010-03-06 16:28:39 ----SHD---- C:\Boot
                        2010-03-06 16:28:26 ----D---- C:\Windows\system32\catroot
                        2010-03-06 16:20:50 ----D---- C:\Program Files\Windows Calendar
                        2010-03-06 16:20:49 ----D---- C:\Program Files\Windows Sidebar
                        2010-03-06 16:20:49 ----D---- C:\Program Files\Windows Mail
                        2010-03-06 16:20:49 ----D---- C:\Program Files\Movie Maker
                        2010-03-06 16:20:49 ----D---- C:\Program Files\Internet Explorer
                        2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Media Player
                        2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Journal
                        2010-03-06 16:20:48 ----D---- C:\Program Files\Windows Collaboration
                        2010-03-06 16:20:46 ----D---- C:\Program Files\Windows Photo Gallery
                        2010-03-06 16:20:46 ----D---- C:\Program Files\Common Files\System
                        2010-03-06 16:20:44 ----D---- C:\Windows\servicing
                        2010-03-06 16:20:44 ----D---- C:\Program Files\Windows Defender
                        2010-03-06 16:20:43 ----D---- C:\Windows\ehome
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\XPSViewer
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\sk-SK
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\lv-LV
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\ko-KR
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\hr-HR
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\et-EE
                        2010-03-06 16:20:34 ----D---- C:\Windows\system32\da-DK
                        2010-03-06 16:20:34 ----D---- C:\Windows\IME
                        2010-03-06 16:20:33 ----D---- C:\Windows\system32\en-US
                        2010-03-06 16:20:30 ----D---- C:\Windows\system32\it-IT
                        2010-03-06 16:20:30 ----D---- C:\Windows\system32\el-GR
                        2010-03-06 16:20:30 ----D---- C:\Windows\system32\de-DE
                        2010-03-06 16:20:29 ----D---- C:\Windows\system32\oobe
                        2010-03-06 16:20:29 ----D---- C:\Windows\system32\migration
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\sv-SE
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\setup
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\ru-RU
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\hu-HU
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\he-IL
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\fr-FR
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\fi-FI
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\cs-CZ
                        2010-03-06 16:20:27 ----D---- C:\Windows\system32\AdvancedInstallers
                        2010-03-06 16:20:26 ----D---- C:\Windows\system32\SLUI
                        2010-03-06 16:20:26 ----D---- C:\Windows\system32\pt-PT
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\zh-TW
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\zh-CN
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\sr-Latn-CS
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\sl-SI
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\manifeststore
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\es-ES
                        2010-03-06 16:20:25 ----D---- C:\Windows\system32\en
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\uk-UA
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\th-TH
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\ro-RO
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\pl-PL
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\ja-JP
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\drivers
                        2010-03-06 16:20:24 ----D---- C:\Windows\system32\bg-BG
                        2010-03-06 16:20:23 ----D---- C:\Windows\system32\tr-TR
                        2010-03-06 16:20:22 ----D---- C:\Windows\system32\wbem
                        2010-03-06 16:20:21 ----D---- C:\Windows\system32\nl-NL
                        2010-03-06 16:20:21 ----D---- C:\Windows\system32\nb-NO
                        2010-03-06 16:20:21 ----D---- C:\Windows\system32\lt-LT
                        2010-03-06 16:20:21 ----D---- C:\Windows\system32\ar-SA
                        2010-03-06 16:20:20 ----D---- C:\Windows\system32\pt-BR
                        2010-03-06 16:20:20 ----D---- C:\Windows\system32\migwiz
                        2010-03-06 16:19:53 ----RSD---- C:\Windows\Fonts
                        2010-03-06 16:19:53 ----D---- C:\Windows\AppPatch
                        2010-03-06 16:19:45 ----D---- C:\Windows\system32\Boot
                        2010-03-06 08:38:04 ----D---- C:\Windows\winsxs
                        2010-03-06 08:07:46 ----SHD---- C:\System Volume Information
                        2010-03-06 08:06:56 ----D---- C:\ProgramData
                        2010-03-06 07:26:50 ----D---- C:\Windows\system32\catroot2
                        2010-03-06 07:24:59 ----D---- C:\Program Files\Microsoft Silverlight
                        2010-03-06 04:13:45 ----SHD---- C:\Windows\Installer
                        2010-03-06 04:12:32 ----D---- C:\Windows\system32\zh-HK
                        2010-03-06 04:12:27 ----D---- C:\ProgramData\Microsoft Help
                        2010-03-06 03:23:44 ----RD---- C:\Program Files
                        2010-03-06 03:22:33 ----D---- C:\Program Files\Common Files
                        2010-03-06 01:43:24 ----D---- C:\Program Files\Vuze
                        2010-03-06 01:42:03 ----D---- C:\Program Files\LimeWire
                        2010-03-06 00:17:27 ----D---- C:\Users\MikeD\AppData\Roaming\LimeWire
                        2010-03-05 16:20:54 ----A---- C:\Windows\system.ini
                        2010-03-05 05:03:48 ----D---- C:\Program Files\Common Files\Java
                        2010-03-05 05:02:19 ----D---- C:\Program Files\Java
                        2010-03-05 04:50:41 ----D---- C:\Users\MikeD\AppData\Roaming\Azureus
                        2010-03-04 14:44:20 ----D---- C:\Program Files\Mozilla Firefox
                        2010-03-03 18:36:53 ----D---- C:\Windows\system32\config
                        2010-03-03 17:32:28 ----D---- C:\Windows\LiveKernelReports
                        2010-03-03 03:46:25 ----SD---- C:\Users\MikeD\AppData\Roaming\Microsoft
                        2010-03-03 02:47:47 ----A---- C:\Windows\ntbtlog.txt
                        2010-02-12 12:49:18 ----D---- C:\ProgramData\Roxio

                        ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                        R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-08-14 132800]
                        R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-06-29 110096]
                        R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-07-22 146960]
                        R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
                        R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
                        R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
                        R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
                        R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
                        R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
                        R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
                        R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
                        R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
                        R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
                        R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-19 1044984]
                        R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2009-05-25 111112]
                        R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
                        R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-08-12 228672]
                        R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2008-02-26 8448]
                        R3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
                        R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
                        R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
                        R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
                        R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
                        R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
                        R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
                        R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
                        R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
                        R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
                        R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
                        R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
                        S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
                        S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-10 93696]
                        S3 catchme;catchme; \??\C:\Users\MikeD\AppData\Local\Temp\catchme.sys []
                        S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
                        S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
                        S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
                        S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
                        S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
                        S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
                        S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
                        S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2007-07-12 12800]
                        S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
                        S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
                        S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
                        S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2007-07-10 36736]
                        S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
                        S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
                        S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
                        S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

                        ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

                        R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
                        R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
                        R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
                        R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
                        R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
                        R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-08-15 1523712]
                        R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-05-19 24064]
                        R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
                        R3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-20 21504]
                        S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-13 393216]
                        S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
                        S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
                        S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-06-23 16680]
                        S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
                        S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
                        S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

                        -----------------EOF-----------------

                                                    

                        mikedick88

                          Topic Starter


                          Rookie

                          Re: Application cannot be executed. The file ----- is infected.
                          « Reply #16 on: March 07, 2010, 01:38:59 AM »
                          And here is the other log.

                                                                                               Info.txt

                          info.txt logfile of random's system information tool 1.06 2010-03-07 02:30:09

                          ======Uninstall list======

                          -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
                          Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
                          Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
                          Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
                          ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
                          BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
                          Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
                          Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
                          Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
                          Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
                          Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
                          Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
                          Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
                          Consumer In-Home Service Agreement-->MsiExec.exe /I{F47C37A4-7189-430A-B81D-739FF8A7A554}
                          Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
                          Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
                          Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
                          Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
                          Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
                          DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
                          DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
                          DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
                          DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
                          EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
                          ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
                          FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
                          GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
                          HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
                          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
                          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
                          IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
                          ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
                          Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
                          Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
                          Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
                          Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
                          MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
                          Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
                          Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
                          Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
                          Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
                          Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
                          Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
                          Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
                          Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
                          Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
                          Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
                          Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
                          Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
                          Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
                          Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
                          Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
                          Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
                          Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
                          Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
                          Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
                          Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
                          Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
                          Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
                          Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
                          Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
                          Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
                          Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
                          Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
                          Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
                          Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
                          Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
                          Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
                          Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
                          Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
                          Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
                          MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
                          MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
                          MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
                          MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
                          Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
                          NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
                          Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
                          OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
                          OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
                          PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
                          Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
                          QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
                          Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
                          Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
                          Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
                          Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
                          Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
                          Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
                          Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
                          Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
                          Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
                          Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
                          Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
                          Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
                          Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
                          Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
                          Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
                          Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
                          Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
                          Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
                          SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
                          SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
                          Starcraft-->C:\Windows\SCunin.exe C:\Windows\SCunin.dat
                          SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
                          TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
                          TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
                          Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
                          Unreal Tournament-->C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
                          Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
                          Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
                          Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
                          Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
                          Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
                          Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
                          Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
                          Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
                          Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
                          Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
                          Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
                          Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
                          Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
                          WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
                          Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
                          WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

                          =====HijackThis Backups=====

                          O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) [2010-03-04]
                          O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) [2010-03-04]
                          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 [2010-03-04]
                          O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing) [2010-03-04]

                          ======Security center information======

                          AV: BitDefender Antivirus (outdated)
                          FW: BitDefender Firewall
                          AS: BitDefender Antispyware (outdated)
                          AS: Windows Defender
                          AS: SUPERAntiSpyware (disabled)

                          ======System event log======

                          Computer Name: MikeD-PC
                          Event Code: 4
                          Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
                          Record Number: 4876
                          Source Name: Microsoft-Windows-SpoolerWin32SPL
                          Time Written: 20080718234024.000000-000
                          Event Type: Warning
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 3004
                          Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
                           For more information please see the following:
                          Not Applicable
                              Scan ID: {3D616234-3B5E-4D91-8DA3-34B70F5EB508}
                              User: MikeD-PC\MikeD
                              Name: Unknown
                              ID:
                              Severity ID:
                              Category ID:
                              Path Found: process:pid:3392;service:sprtsvc_dellsupportcenter;file:C:\Program Files\Dell Support Center\bin\sprtsvc.exe
                              Alert Type: Unclassified software
                              Detection Type:
                          Record Number: 4872
                          Source Name: Microsoft-Windows-Windows Defender
                          Time Written: 20080718234004.000000-000
                          Event Type: Warning
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 7030
                          Message: The SupportSoft Sprocket Service (dellsupportcenter) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
                          Record Number: 4871
                          Source Name: Service Control Manager
                          Time Written: 20080718234002.000000-000
                          Event Type: Error
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 7000
                          Message: The BCM42RLY service failed to start due to the following error:
                          The system cannot find the file specified.
                          Record Number: 4861
                          Source Name: Service Control Manager
                          Time Written: 20080718232959.000000-000
                          Event Type: Error
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 7000
                          Message: The BCM42RLY service failed to start due to the following error:
                          The system cannot find the file specified.
                          Record Number: 4860
                          Source Name: Service Control Manager
                          Time Written: 20080718232959.000000-000
                          Event Type: Error
                          User:

                          =====Application event log=====

                          Computer Name: MikeD-PC
                          Event Code: 10
                          Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
                          Record Number: 672
                          Source Name: Microsoft-Windows-WMI
                          Time Written: 20080721195821.000000-000
                          Event Type: Error
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 10
                          Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
                          Record Number: 570
                          Source Name: Microsoft-Windows-WMI
                          Time Written: 20080720081152.000000-000
                          Event Type: Error
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 1530
                          Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

                           DETAIL -
                           16 user registry handles leaked from \Registry\User\S-1-5-21-1714680841-3676103711-380671668-1000:
                          Process 576 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Policies\Microsoft\SystemCertificates
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\trust
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\Disallowed
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\TrustedPeople
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\My
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\CA
                          Process 752 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1714680841-3676103711-380671668-1000\Software\Microsoft\SystemCertificates\Root

                          Record Number: 542
                          Source Name: Microsoft-Windows-User Profiles Service
                          Time Written: 20080720080904.000000-000
                          Event Type: Warning
                          User: NT AUTHORITY\SYSTEM

                          Computer Name: MikeD-PC
                          Event Code: 6000
                          Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
                          Record Number: 541
                          Source Name: Microsoft-Windows-Winlogon
                          Time Written: 20080720080904.000000-000
                          Event Type: Warning
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 6001
                          Message: The winlogon notification subscriber <GPClient> failed a notification event.
                          Record Number: 538
                          Source Name: Microsoft-Windows-Winlogon
                          Time Written: 20080720080902.000000-000
                          Event Type: Warning
                          User:

                          =====Security event log=====

                          Computer Name: MikeD-PC
                          Event Code: 4648
                          Message: A logon was attempted using explicit credentials.

                          Subject:
                             Security ID:      S-1-5-18
                             Account Name:      MIKED-PC$
                             Account Domain:      WORKGROUP
                             Logon ID:      0x3e7
                             Logon GUID:      {00000000-0000-0000-0000-000000000000}

                          Account Whose Credentials Were Used:
                             Account Name:      MikeD
                             Account Domain:      MikeD-PC
                             Logon GUID:      {00000000-0000-0000-0000-000000000000}

                          Target Server:
                             Target Server Name:   localhost
                             Additional Information:   localhost

                          Process Information:
                             Process ID:      0x31c
                             Process Name:      C:\Windows\System32\winlogon.exe

                          Network Information:
                             Network Address:   127.0.0.1
                             Port:         0

                          This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
                          Record Number: 28349
                          Source Name: Microsoft-Windows-Security-Auditing
                          Time Written: 20090714172401.962000-000
                          Event Type: Audit Success
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 4672
                          Message: Special privileges assigned to new logon.

                          Subject:
                             Security ID:      S-1-5-18
                             Account Name:      SYSTEM
                             Account Domain:      NT AUTHORITY
                             Logon ID:      0x3e7

                          Privileges:      SeAssignPrimaryTokenPrivilege
                                   SeTcbPrivilege
                                   SeSecurityPrivilege
                                   SeTakeOwnershipPrivilege
                                   SeLoadDriverPrivilege
                                   SeBackupPrivilege
                                   SeRestorePrivilege
                                   SeDebugPrivilege
                                   SeAuditPrivilege
                                   SeSystemEnvironmentPrivilege
                                   SeImpersonatePrivilege
                          Record Number: 28348
                          Source Name: Microsoft-Windows-Security-Auditing
                          Time Written: 20090714171222.215000-000
                          Event Type: Audit Success
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 4624
                          Message: An account was successfully logged on.

                          Subject:
                             Security ID:      S-1-5-18
                             Account Name:      MIKED-PC$
                             Account Domain:      WORKGROUP
                             Logon ID:      0x3e7

                          Logon Type:         5

                          New Logon:
                             Security ID:      S-1-5-18
                             Account Name:      SYSTEM
                             Account Domain:      NT AUTHORITY
                             Logon ID:      0x3e7
                             Logon GUID:      {00000000-0000-0000-0000-000000000000}

                          Process Information:
                             Process ID:      0x2b8
                             Process Name:      C:\Windows\System32\services.exe

                          Network Information:
                             Workstation Name:   
                             Source Network Address:   -
                             Source Port:      -

                          Detailed Authentication Information:
                             Logon Process:      Advapi 
                             Authentication Package:   Negotiate
                             Transited Services:   -
                             Package Name (NTLM only):   -
                             Key Length:      0

                          This event is generated when a logon session is created. It is generated on the computer that was accessed.

                          The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

                          The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

                          The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

                          The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

                          The authentication information fields provide detailed information about this specific logon request.
                             - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
                             - Transited services indicate which intermediate services have participated in this logon request.
                             - Package name indicates which sub-protocol was used among the NTLM protocols.
                             - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
                          Record Number: 28347
                          Source Name: Microsoft-Windows-Security-Auditing
                          Time Written: 20090714171222.215000-000
                          Event Type: Audit Success
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 4648
                          Message: A logon was attempted using explicit credentials.

                          Subject:
                             Security ID:      S-1-5-18
                             Account Name:      MIKED-PC$
                             Account Domain:      WORKGROUP
                             Logon ID:      0x3e7
                             Logon GUID:      {00000000-0000-0000-0000-000000000000}

                          Account Whose Credentials Were Used:
                             Account Name:      SYSTEM
                             Account Domain:      NT AUTHORITY
                             Logon GUID:      {00000000-0000-0000-0000-000000000000}

                          Target Server:
                             Target Server Name:   localhost
                             Additional Information:   localhost

                          Process Information:
                             Process ID:      0x2b8
                             Process Name:      C:\Windows\System32\services.exe

                          Network Information:
                             Network Address:   -
                             Port:         -

                          This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
                          Record Number: 28346
                          Source Name: Microsoft-Windows-Security-Auditing
                          Time Written: 20090714171222.215000-000
                          Event Type: Audit Success
                          User:

                          Computer Name: MikeD-PC
                          Event Code: 4672
                          Message: Special privileges assigned to new logon.

                          Subject:
                             Security ID:      S-1-5-18
                             Account Name:      SYSTEM
                             Account Domain:      NT AUTHORITY
                             Logon ID:      0x3e7

                          Privileges:      SeAssignPrimaryTokenPrivilege
                                   SeTcbPrivilege
                                   SeSecurityPrivilege
                                   SeTakeOwnershipPrivilege
                                   SeLoadDriverPrivilege
                                   SeBackupPrivilege
                                   SeRestorePrivilege
                                   SeDebugPrivilege
                                   SeAuditPrivilege
                                   SeSystemEnvironmentPrivilege
                                   SeImpersonatePrivilege
                          Record Number: 28345
                          Source Name: Microsoft-Windows-Security-Auditing
                          Time Written: 20090714161217.137000-000
                          Event Type: Audit Success
                          User:

                          ======Environment variables======

                          "ComSpec"=%SystemRoot%\system32\cmd.exe
                          "FP_NO_HOST_CHECK"=NO
                          "OS"=Windows_NT
                          "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared
                          "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
                          "PROCESSOR_ARCHITECTURE"=x86
                          "TEMP"=%SystemRoot%\TEMP
                          "TMP"=%SystemRoot%\TEMP
                          "USERNAME"=SYSTEM
                          "windir"=%SystemRoot%
                          "PROCESSOR_LEVEL"=6
                          "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
                          "PROCESSOR_REVISION"=0f0d
                          "NUMBER_OF_PROCESSORS"=2
                          "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
                          "DFSTRACINGON"=FALSE
                          "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

                          -----------------EOF-----------------

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Application cannot be executed. The file ----- is infected.
                          « Reply #17 on: March 07, 2010, 12:56:02 PM »
                          Quote
                          There is one thing though. A message pops up from the bottom right icons every so often to tell me about start up programs that have been blocked. I was wondering if that's normal or not. But apart from that everything is wonderful so far.
                          If this happens again, can you please get a screen print of the message? Could you please run ESET again as described in Reply #5.

                          Windows 8 and Windows 10 dual boot with two SSD's

                          mikedick88

                            Topic Starter


                            Rookie

                            Re: Application cannot be executed. The file ----- is infected.
                            « Reply #18 on: March 08, 2010, 03:20:55 AM »
                            The ESET scan said there were no threats detected and the start-up block was referring to Malwarebytes, so I just ran the program and it hasn't happened on a restart yet.

                            SuperDave

                            Re: Application cannot be executed. The file ----- is infected.
                            « Reply #19 on: March 08, 2010, 01:15:22 PM »
                            Ok Mike. If there are no other issues, it's time for some clean-up. You can uninstall HJT, RSIT and ESET. You may keep SAS and MBAM. Update them and run them every week or so to keep your computer clean.

                            To uninstall ComboFix

                            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                            • In the field, type in ComboFix /uninstall


                            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                            • Then, press Enter, or click OK.
                            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                            ==============================

                            Clean out your temporary internet files and temp files.

                            Download TFC by OldTimer to your desktop.

                            Double-click TFC.exe to run it.

                            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                            TFC will close all programs when run, so make sure you have saved all your work before you begin.

                            * Click the Start button to begin the cleaning process.
                            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                            * Please let TFC run uninterrupted until it is finished.

                            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                            ==============================================

                            Use the Secunia Software Inspector to check for out of date software.

                            • Click Start Now
                            • Check the box next to Enable thorough system inspection.
                            • Click Start
                            • Allow the scan to finish and scroll down to see if any updates are needed.
                            • Update anything listed.
                            ----------

                            Go to Microsoft Windows Update and get all critical updates.

                            ----------

                            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                            * Using SpywareBlaster to protect your computer from Spyware and Malware
                            * If you don't know what ActiveX controls are, see here

                            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                            Safe Surfing!  ;D


                            mikedick88

                              Topic Starter


                              Rookie

                              Re: Application cannot be executed. The file ----- is infected.
                              « Reply #20 on: March 09, 2010, 05:08:22 AM »
                              Ok, I downloaded all of that and everything is running just fine. I can't thank you enough. Have a good one man.

                              SuperDave

                              Re: Application cannot be executed. The file ----- is infected.
                              « Reply #21 on: March 09, 2010, 11:28:19 AM »
                              You're Welcome. Stay clean. ;D