View Full Version : Gunk in the trunk
windowguy
2009-06-09, 20:08
Hi, I have managed to get some kind of gunk on my PC XP,
I use firefox not explorer and I sell windows for houses which
is where I got my nickname. I know nearly nothing about computers
and my techno abilities are only slightly above those of Fred Flinstone.
I appreciate your help,
Thank you
Here is Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:41 AM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - HKUS\S-1-5-21-906592872-1445438531-2970854567-500\..\Run: [Sonic RecordNow!] (User 'Administrator')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12839 bytes
Dakeyras
2009-06-10, 10:49
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi windowguy and welcome to Safer Networking :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Next:
Please download Rooter.exe (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Feric.71.mespages.googlepages.com%2FRooter.exe) to your desktop.
Then double-click it to start the tool.
A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt.
Post the contents of Rooter.txt in your next reply.
Next:
Now lets carry out a more in-depth scan of your computer shall we as follows:
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application.
Double click on RSIT.exe and to start RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any other symptoms and or problems encountered?
Rooter Log.
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
windowguy
2009-06-10, 17:41
I already didn't follow directions I poste all three logs in this post
several of my keyboard keys do not work
d s (the number three on both the ten key and the above the pound key)
the number 2 on the ten key works but not the key with the a with a circle
around it.
Thank you for your help
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76253 Mo/Free:2603 Mo)
D:\ [CD-Rom] (Total:606 Mo/Free:0 Mo)
Wed 06/10/2009| 6:26
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\WINDOWS\System32\CTsvcCDA.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
---------- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
---------- C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\System32\MsPMSPSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\BCMSMMSG.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
---------- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Wed 06/10/2009| 6:27
----------------------\\ Scan completed at 6:27
windowguy
2009-06-10, 17:42
Log Text
Logfile of random's system information tool 1.06 (written by random/random)
Run by office at 2009-06-10 06:30:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 510 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:20 AM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\office\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\office.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotDeletingA7147] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5399] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - HKCU\..\RunOnce: [SpybotDeletingB6604] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8008] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12975 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1077060195.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-02 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-06-24 245760]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"MW1HelperStartUp"=C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1 []
"ZingSpooler"=C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe [2002-08-02 200704]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"HostManager"=C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe [2005-08-02 159832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-09-16 274432]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-27 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-21 180269]
"eTrustPPAP"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA7147"=command.com /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingC5399"=cmd.exe /c del C:\WINDOWS\SchedLgU.Txt []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-05-02 3334144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanUp!"=C:\Program Files\CleanUp!\Cleanup.exe [2006-06-25 442368]
"SpybotDeletingB6604"=command.com /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingD8008"=cmd.exe /c del C:\WINDOWS\SchedLgU.Txt []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\office\Desktop\bittorrent.exe"="C:\Documents and Settings\office\Desktop\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf3e2b7-7a01-11d9-bbc9-000d5655335a}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
======List of files/folders created in the last 3 months======
2009-06-10 06:30:59 ----D---- C:\rsit
2009-06-10 06:27:02 ----A---- C:\Rooter.txt
2009-06-10 06:26:10 ----D---- C:\Rooter$
2009-06-09 08:54:49 ----D---- C:\Program Files\Trend Micro
2009-06-09 06:54:49 ----D---- C:\WINDOWS\ERDNT
2009-06-09 06:54:22 ----D---- C:\Program Files\ERUNT
2009-06-03 07:51:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-03 07:39:26 ----D---- C:\WINDOWS\Minidump
2009-06-01 17:07:22 ----A---- C:\WINDOWS\wqversion.ini
2009-06-01 17:06:08 ----D---- C:\Program Files\WQbyWindsor
2009-05-30 17:44:42 ----D---- C:\Documents and Settings\office\Application Data\Move Networks
2009-05-20 18:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-20 18:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-19 09:10:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-19 09:10:00 ----D---- C:\WINDOWS\Prefetch
2009-05-19 08:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-19 08:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-19 08:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-19 08:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-19 08:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-19 08:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-19 08:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-19 08:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-19 08:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-19 08:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-19 08:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-19 08:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-19 08:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-19 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-19 08:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-19 08:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-19 08:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-19 08:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-19 08:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-19 08:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-19 08:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-19 08:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-19 08:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-19 08:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-19 08:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-19 08:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-05-19 08:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-19 08:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-19 08:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\en-us
2009-05-19 08:00:37 ----D---- C:\WINDOWS\system32\scripting
2009-05-19 08:00:34 ----D---- C:\WINDOWS\l2schemas
2009-05-19 08:00:32 ----D---- C:\WINDOWS\system32\en
2009-05-19 07:48:27 ----D---- C:\WINDOWS\network diagnostic
2009-05-19 07:45:10 ----A---- C:\WINDOWS\imsins.BAK
2009-05-18 14:37:19 ----D---- C:\Documents and Settings\office\Application Data\JELD-WEN
2009-05-18 14:29:25 ----D---- C:\Program Files\JELD-WEN
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\Zlib.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbzip11.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbuzip10.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspyvb6.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspy5.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\kvbFileSystemLib.dll
2009-05-18 14:29:06 ----D---- C:\WINDOWS\system32\FONTS
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\pdfexpt.dll
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\ccrpTmr6.dll
2009-05-18 14:29:05 ----A---- C:\WINDOWS\system32\actrpt2.dll
2009-05-16 19:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-16 19:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-16 19:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-16 19:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-16 19:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-05-16 19:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-16 19:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-16 19:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-05-16 19:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-16 19:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-05-16 19:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-16 19:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-16 19:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-05-16 19:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-16 19:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-05-16 19:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-16 19:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-05-16 19:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-16 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-05-16 19:46:44 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-16 19:46:40 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-05-16 19:46:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-05-16 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-05-16 19:46:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-05-16 19:46:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-05-16 19:46:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-05-16 19:45:55 ----N---- C:\WINDOWS\system32\setupn.exe
2009-05-16 19:45:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-16 19:45:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-05-16 19:45:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-05-16 19:45:41 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-05-16 19:45:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napstat.exe
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\mssha.dll
2009-05-16 19:44:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-16 19:44:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-16 19:44:35 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-16 19:44:16 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-05-16 19:44:15 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-05-16 19:43:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-16 19:43:38 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-16 19:43:33 ----N---- C:\WINDOWS\system32\credssp.dll
2009-05-16 19:43:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-16 19:43:17 ----N---- C:\WINDOWS\system32\azroles.dll
2009-05-16 19:42:47 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-05-16 19:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-16 19:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-05-16 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-05-16 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-05-16 19:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-05-16 19:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-05-16 19:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-16 18:16:26 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-16 11:54:38 ----D---- C:\Program Files\NETGEAR
======List of files/folders modified in the last 3 months======
2009-06-10 06:23:22 ----D---- C:\Program Files\Mozilla Firefox
2009-06-09 12:17:17 ----D---- C:\Documents and Settings\office\Application Data\Skype
2009-06-09 11:49:46 ----D---- C:\WINDOWS\Temp
2009-06-09 10:27:08 ----A---- C:\WINDOWS\wininit.ini
2009-06-09 10:20:37 ----D---- C:\Documents and Settings\office\Application Data\skypePM
2009-06-09 09:11:19 ----D---- C:\WINDOWS
2009-06-09 08:54:49 ----RD---- C:\Program Files
2009-06-08 10:38:12 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-06-05 10:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 15:54:28 ----D---- C:\Documents and Settings\office\Application Data\AdobeUM
2009-06-01 15:51:21 ----SHD---- C:\WINDOWS\Installer
2009-05-31 10:35:29 ----D---- C:\WINDOWS\SYSTEM32
2009-05-30 10:30:27 ----D---- C:\Program Files\Norton SystemWorks
2009-05-29 08:13:10 ----D---- C:\Program Files\Common Files\Adobe
2009-05-29 07:24:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-29 07:22:50 ----SD---- C:\WINDOWS\Tasks
2009-05-29 07:22:20 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-29 07:12:48 ----HD---- C:\WINDOWS\INF
2009-05-29 07:11:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 03:03:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-19 09:14:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-19 09:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-05-19 09:09:10 ----D---- C:\WINDOWS\IME
2009-05-19 09:09:10 ----D---- C:\WINDOWS\AppPatch
2009-05-19 09:09:09 ----D---- C:\WINDOWS\system32\WBEM
2009-05-19 09:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-05-19 09:08:53 ----D---- C:\WINDOWS\system32\DRIVERS
2009-05-19 09:08:34 ----D---- C:\WINDOWS\SECURITY
2009-05-19 08:14:10 ----D---- C:\Program Files\Messenger
2009-05-19 08:13:53 ----D---- C:\WINDOWS\WinSxS
2009-05-19 08:01:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-19 08:01:14 ----D---- C:\WINDOWS\system32\INETSRV
2009-05-19 08:01:11 ----D---- C:\WINDOWS\Help
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\USMT
2009-05-19 08:00:35 ----D---- C:\Program Files\Internet Explorer
2009-05-19 08:00:31 ----D---- C:\WINDOWS\system32\bits
2009-05-19 08:00:31 ----D---- C:\WINDOWS\peernet
2009-05-19 08:00:31 ----D---- C:\Program Files\Movie Maker
2009-05-19 07:53:13 ----D---- C:\WINDOWS\system32\Restore
2009-05-19 07:53:12 ----D---- C:\WINDOWS\system32\NPP
2009-05-19 07:53:12 ----D---- C:\WINDOWS\MUI
2009-05-19 07:53:10 ----D---- C:\WINDOWS\MSAGENT
2009-05-19 07:53:07 ----D---- C:\WINDOWS\SRCHASST
2009-05-19 07:53:05 ----D---- C:\Program Files\NetMeeting
2009-05-19 07:53:02 ----D---- C:\WINDOWS\system32\Com
2009-05-19 07:52:58 ----D---- C:\Program Files\Windows Media Player
2009-05-19 07:52:57 ----D---- C:\Program Files\Windows NT
2009-05-19 07:52:56 ----D---- C:\Program Files\Outlook Express
2009-05-19 07:52:50 ----D---- C:\Program Files\Common Files\System
2009-05-19 07:52:24 ----D---- C:\WINDOWS\system32\OOBE
2009-05-19 07:52:20 ----D---- C:\WINDOWS\SYSTEM
2009-05-19 07:44:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-19 07:44:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-19 07:37:24 ----D---- C:\WINDOWS\EHome
2009-05-18 16:47:01 ----D---- C:\Documents and Settings\office\Application Data\Mozilla
2009-05-16 19:34:31 ----A---- C:\WINDOWS\WIN.INI
2009-05-16 18:20:11 ----D---- C:\WINDOWS\Debug
2009-05-16 17:47:45 ----D---- C:\Westwood
2009-05-16 11:58:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 11:54:52 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-16 11:51:34 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-16 11:07:59 ----D---- C:\temp
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-21 06:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-16 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-16 151297]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe []
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-09-21 323584]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2002-05-03 65536]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
-----------------EOF-----------------
windowguy
2009-06-10, 17:43
info txt
info.txt logfile of random's system information tool 1.06 2009-06-10 06:31:26
======Uninstall list======
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOL Explorer-->C:\Program Files\Common Files\AOL\1131403017\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0-->"C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
BitTorrent 4.2.2-->"C:\Documents and Settings\office\Desktop\uninstall.exe"
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Builders and Premium Wood (Rantoul)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\BUILDE~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\BUILDE~1\Install.log
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
Custom Wood (Bend)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\CUSTOM~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\CUSTOM~1\Install.log
CutePDF Writer 2.2-->C:\WINDOWS\System32\uninscpw.exe C:\Program Files\
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
DS21Patch-->MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
hp officejet 6100 series-->MsiExec.exe /X{12BB7942-1E1F-43D9-B441-4668C1629425}
hp officejet 7100 series-->C:\WINDOWS\System32\hpocon09.exe /u 1077906751 /d "hp officejet 7100 series"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp officejet 6100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
ImageStation Easy Upload Tools-->C:\Program Files\Easy Upload Tools\UninstallHelper\UninstallHelper.exe
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1033
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JELD-WEN Quick Quote-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\install.log
LAN-Fax Utilities-->Rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IfxUninst.dll,UnInstall LAN-Fax Utilities
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Premium Wood (Hawkins,Ringtown)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\PREMIU~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\PREMIU~1\Install.log
QuickBooks Premier Edition 2005-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="superpro" QBFULLNAME="QuickBooks Premier Edition 2005" ADDREMOVE=1
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
Quotemaster 3 uninstall-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F204A49-152F-4756-9AB1-3105269E3DD0}\Setup.exe" -l0x9 -uninst
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
v 8.01-->"C:\Program Files\WQbyWindsor\unins000.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vinyl & Aluminum-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\VINYL&~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\VINYL&~1\Install.log
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
======System event log======
Computer Name: FRONTOFFICE
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 27271
Source Name: bcm4sbxp
Time Written: 20080617175745.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 7001
Message: The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 27244
Source Name: Service Control Manager
Time Written: 20080617174846.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 27237
Source Name: bcm4sbxp
Time Written: 20080617174635.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 7001
Message: The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 27228
Source Name: Service Control Manager
Time Written: 20080617174609.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 1073
Message: The attempt to unknown FRONTOFFICE failed
Record Number: 27223
Source Name: USER32
Time Written: 20080604141213.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: FRONTOFFICE
Event Code: 19011
Message:
Record Number: 6523
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20060317192859.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 7.5.311.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 6460
Source Name: Application Hang
Time Written: 20060314155814.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 1517
Message: Windows saved user FRONTOFFICE\office registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 6459
Source Name: Userenv
Time Written: 20060310173632.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: FRONTOFFICE
Event Code: 19011
Message:
Record Number: 6458
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20060310093450.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtmled.dll, version 6.0.2900.2781, fault address 0x00035686.
Record Number: 6453
Source Name: Application Error
Time Written: 20060303131945.000000-480
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Dakeyras
2009-06-11, 00:10
Hi :)
I already didn't follow directions I poste all three logs in this postNot a problem.
several of my keyboard keys do not work d s (the number three on both the ten key and the above the pound key)
the number 2 on the ten key works but not the key with the a with a circle
around it. We can address this in due course OK.
Thank you for your helpYou're welcome!
Next:
Take your time with the instructions below. Some may appear daunting but I assure you it is not the case OK :bigthumb:
Now please delete Rooter.exe from the desktop, this folder:- C:\Rooter$ and this file text C:\Rooter.
Then empty your Recycle Bin, as we do not need to use this scanning application again.
Next:
A few questions if I may, is AOL your ISP(Internet Service Provider)?
Is this actually your own personal computer or a business computer?
Peer to Peer Advice:
I would like for your good self to read the below forum topic:
File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)
This is undoubtedly one of the reasons your computer is infected. I will be asking you shortly to uninstall the following per forum policy, thank you.
BitTorrent 4.2.2
LimeWire 4.16.7
Norton/Symantec RT:
Please download the Norton Removal Tool (ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe) and Save it to your Desktop.
Close all programs and double-click the Norton_Removal_Tool.exe then click Run
Follow the on-screen instructions.
Restart the computer if asked.
Then delete Norton_Removal_Tool.exe from your desktop.
Then empty your Recycle Bin.
Next:
Older Adobe and Java installations pose a security risk and a back-door for malware to reinfect as system. I will be asking you to uninstall these shortly. Do not worry we will update both in a safe manner in due course.
You have Lavasoft Ad-Aware presently installed and active in system memory and this is taking up valuable system resources. My advice would be to uninstall this as your computer has limited memory which I can advice about later.
Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):
Ad-Aware 2007
BitTorrent 4.2.2
Adobe Reader 7.0.8
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire 4.16.7
Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.
Disable Spybot S&D TeaTimer's Registry Guard:
This is so it does not interfere with the malware removal process, you may re-enable this when I give the all clear.
If you have version 1.5 or 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.
Note: The above must be completed before proceeding any further!
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Click on Start >> Run...(or press the Windows Key and R together) to bring up the Run box box and and copy and paste in:
%userprofile%\desktop\rsit.exeand click on OK
Now click on Run and RSIT will start.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any other symptoms and or problems encountered?
Answer to my AOL & ownership query.
A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
windowguy
2009-06-11, 20:08
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
[/list]When completed the above, please post back the following in the order asked for:
How is you computer performing now, any other symptoms and or problems encountered?
Answer to my AOL & ownership query.
A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
[/QUOTE]
The computer is a long story, it belongs to me now. Previously it belonged
to a company I worked for that closed down. It's really hard to answer questions with out my keyboard letters working. I have to cut and paste
individual letters
I never use AOL / lime wire for anything. I have a teenage son who knows (so did I when I was his age) everything and assures me that he NEVER downloads stuff that could hurt the computer.
I appreciate your help
Thank you,
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by office at 2009-06-11 09:53:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (74%) free of 76 GB
Total RAM: 510 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:29 AM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\office\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\office.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11656 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1077060195.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-02 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-06-24 245760]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"MW1HelperStartUp"=C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1 []
"ZingSpooler"=C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe [2002-08-02 200704]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"HostManager"=C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe [2005-08-02 159832]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-09-16 274432]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-27 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-21 180269]
"eTrustPPAP"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-05-02 3334144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\office\Desktop\bittorrent.exe"="C:\Documents and Settings\office\Desktop\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\office\Local Settings\Temp\7zS62E.tmp\SymNRT.exe"="C:\Documents and Settings\office\Local Settings\Temp\7zS62E.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf3e2b7-7a01-11d9-bbc9-000d5655335a}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
======List of files/folders created in the last 3 months======
2009-06-11 09:22:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-10 06:30:59 ----D---- C:\rsit
2009-06-10 06:27:02 ----A---- C:\Rooter.txt
2009-06-10 06:26:10 ----D---- C:\Rooter$
2009-06-09 08:54:49 ----D---- C:\Program Files\Trend Micro
2009-06-09 06:54:49 ----D---- C:\WINDOWS\ERDNT
2009-06-09 06:54:22 ----D---- C:\Program Files\ERUNT
2009-06-03 07:51:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-03 07:39:26 ----D---- C:\WINDOWS\Minidump
2009-06-01 17:07:22 ----A---- C:\WINDOWS\wqversion.ini
2009-06-01 17:06:08 ----D---- C:\Program Files\WQbyWindsor
2009-05-30 17:44:42 ----D---- C:\Documents and Settings\office\Application Data\Move Networks
2009-05-20 18:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-20 18:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-19 09:10:00 ----D---- C:\WINDOWS\Prefetch
2009-05-19 08:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-19 08:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-19 08:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-19 08:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-19 08:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-19 08:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-19 08:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-19 08:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-19 08:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-19 08:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-19 08:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-19 08:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-19 08:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-19 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-19 08:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-19 08:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-19 08:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-19 08:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-19 08:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-19 08:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-19 08:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-19 08:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-19 08:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-19 08:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-19 08:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-19 08:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-05-19 08:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-19 08:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-19 08:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\en-us
2009-05-19 08:00:37 ----D---- C:\WINDOWS\system32\scripting
2009-05-19 08:00:34 ----D---- C:\WINDOWS\l2schemas
2009-05-19 08:00:32 ----D---- C:\WINDOWS\system32\en
2009-05-19 07:48:27 ----D---- C:\WINDOWS\network diagnostic
2009-05-19 07:45:10 ----A---- C:\WINDOWS\imsins.BAK
2009-05-18 14:37:19 ----D---- C:\Documents and Settings\office\Application Data\JELD-WEN
2009-05-18 14:29:25 ----D---- C:\Program Files\JELD-WEN
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\Zlib.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbzip11.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbuzip10.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspyvb6.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspy5.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\kvbFileSystemLib.dll
2009-05-18 14:29:06 ----D---- C:\WINDOWS\system32\FONTS
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\pdfexpt.dll
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\ccrpTmr6.dll
2009-05-18 14:29:05 ----A---- C:\WINDOWS\system32\actrpt2.dll
2009-05-16 19:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-16 19:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-16 19:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-16 19:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-16 19:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-05-16 19:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-16 19:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-16 19:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-05-16 19:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-16 19:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-05-16 19:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-16 19:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-16 19:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-05-16 19:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-16 19:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-05-16 19:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-16 19:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-05-16 19:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-16 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-05-16 19:46:44 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-16 19:46:40 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-05-16 19:46:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-05-16 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-05-16 19:46:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-05-16 19:46:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-05-16 19:46:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-05-16 19:45:55 ----N---- C:\WINDOWS\system32\setupn.exe
2009-05-16 19:45:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-16 19:45:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-05-16 19:45:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-05-16 19:45:41 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-05-16 19:45:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napstat.exe
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\mssha.dll
2009-05-16 19:44:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-16 19:44:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-16 19:44:35 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-16 19:44:16 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-05-16 19:44:15 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-05-16 19:43:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-16 19:43:38 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-16 19:43:33 ----N---- C:\WINDOWS\system32\credssp.dll
2009-05-16 19:43:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-16 19:43:17 ----N---- C:\WINDOWS\system32\azroles.dll
2009-05-16 19:42:47 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-05-16 19:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-16 19:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-05-16 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-05-16 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-05-16 19:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-05-16 19:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-05-16 19:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-16 18:16:26 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-16 11:54:38 ----D---- C:\Program Files\NETGEAR
======List of files/folders modified in the last 3 months======
2009-06-11 09:48:06 ----D---- C:\Program Files\Mozilla Firefox
2009-06-11 09:46:48 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-06-11 09:46:32 ----D---- C:\WINDOWS\Temp
2009-06-11 09:37:00 ----SHD---- C:\WINDOWS\Installer
2009-06-11 09:36:53 ----D---- C:\Program Files\Java
2009-06-11 09:36:52 ----AD---- C:\Program Files\Common Files
2009-06-11 09:36:39 ----D---- C:\WINDOWS\SYSTEM32
2009-06-11 09:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-11 09:32:14 ----D---- C:\WINDOWS
2009-06-11 09:32:08 ----D---- C:\WINDOWS\system32\DRIVERS
2009-06-11 09:32:08 ----D---- C:\Program Files\Lavasoft
2009-06-11 09:22:11 ----RD---- C:\Program Files
2009-06-11 09:19:42 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-11 09:19:36 ----D---- C:\WINDOWS\Help
2009-06-11 09:17:42 ----SD---- C:\WINDOWS\Tasks
2009-06-11 08:35:22 ----D---- C:\Documents and Settings\office\Application Data\Skype
2009-06-10 09:25:15 ----D---- C:\Documents and Settings\office\Application Data\skypePM
2009-06-09 10:27:08 ----A---- C:\WINDOWS\wininit.ini
2009-06-05 10:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 15:54:28 ----D---- C:\Documents and Settings\office\Application Data\AdobeUM
2009-05-29 08:13:10 ----D---- C:\Program Files\Common Files\Adobe
2009-05-29 07:24:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-29 07:22:20 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-05-29 07:12:48 ----HD---- C:\WINDOWS\INF
2009-05-29 07:11:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 03:03:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-19 09:14:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-19 09:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-05-19 09:09:10 ----D---- C:\WINDOWS\IME
2009-05-19 09:09:10 ----D---- C:\WINDOWS\AppPatch
2009-05-19 09:09:09 ----D---- C:\WINDOWS\system32\WBEM
2009-05-19 09:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-05-19 09:08:34 ----D---- C:\WINDOWS\SECURITY
2009-05-19 08:14:10 ----D---- C:\Program Files\Messenger
2009-05-19 08:13:53 ----D---- C:\WINDOWS\WinSxS
2009-05-19 08:01:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-19 08:01:14 ----D---- C:\WINDOWS\system32\INETSRV
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\USMT
2009-05-19 08:00:35 ----D---- C:\Program Files\Internet Explorer
2009-05-19 08:00:31 ----D---- C:\WINDOWS\system32\bits
2009-05-19 08:00:31 ----D---- C:\WINDOWS\peernet
2009-05-19 08:00:31 ----D---- C:\Program Files\Movie Maker
2009-05-19 07:53:13 ----D---- C:\WINDOWS\system32\Restore
2009-05-19 07:53:12 ----D---- C:\WINDOWS\system32\NPP
2009-05-19 07:53:12 ----D---- C:\WINDOWS\MUI
2009-05-19 07:53:10 ----D---- C:\WINDOWS\MSAGENT
2009-05-19 07:53:07 ----D---- C:\WINDOWS\SRCHASST
2009-05-19 07:53:05 ----D---- C:\Program Files\NetMeeting
2009-05-19 07:53:02 ----D---- C:\WINDOWS\system32\Com
2009-05-19 07:52:58 ----D---- C:\Program Files\Windows Media Player
2009-05-19 07:52:57 ----D---- C:\Program Files\Windows NT
2009-05-19 07:52:56 ----D---- C:\Program Files\Outlook Express
2009-05-19 07:52:50 ----D---- C:\Program Files\Common Files\System
2009-05-19 07:52:24 ----D---- C:\WINDOWS\system32\OOBE
2009-05-19 07:52:20 ----D---- C:\WINDOWS\SYSTEM
2009-05-19 07:44:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-19 07:44:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-19 07:37:24 ----D---- C:\WINDOWS\EHome
2009-05-18 16:47:01 ----D---- C:\Documents and Settings\office\Application Data\Mozilla
2009-05-16 19:34:31 ----A---- C:\WINDOWS\WIN.INI
2009-05-16 18:20:11 ----D---- C:\WINDOWS\Debug
2009-05-16 17:47:45 ----D---- C:\Westwood
2009-05-16 11:58:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 11:54:52 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-16 11:51:34 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-16 11:07:59 ----D---- C:\temp
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-21 06:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-16 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-16 151297]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-09-21 323584]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe []
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2002-05-03 65536]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
-----------------EOF-----------------
windowguy
2009-06-11, 20:16
I could not find
"info.txt will be opened minimized."
Dakeyras
2009-06-11, 23:22
Hi :)
The computer is a long story, it belongs to me now. Previously it belonged
to a company I worked for that closed down. It's really hard to answer questions with out my keyboard letters working. I have to cut and paste
individual letters
I never use AOL / lime wire for anything. I have a teenage son who knows (so did I when I was his age) everything and assures me that he NEVER downloads stuff that could hurt the computer.
I appreciate your help
Thank you,OK that is fine RE the ownership of the machine.
If the AOL software is not used we can address that later. I think the keyboard may be failing as what you describe is a good indicator.
I could not find
"info.txt will be opened minimized."
Please check within this folder: C:\rsit <-- info.txt should be in here.
windowguy
2009-06-12, 01:09
info.txt logfile of random's system information tool 1.06 2009-06-10 06:31:26
======Uninstall list======
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AOL Explorer-->C:\Program Files\Common Files\AOL\1131403017\ee\services\browser\ver1_1_1042\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Toolbar 2.0-->"C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
BitTorrent 4.2.2-->"C:\Documents and Settings\office\Desktop\uninstall.exe"
Broadcom Management Programs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Builders and Premium Wood (Rantoul)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\BUILDE~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\BUILDE~1\Install.log
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
Custom Wood (Bend)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\CUSTOM~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\CUSTOM~1\Install.log
CutePDF Writer 2.2-->C:\WINDOWS\System32\uninscpw.exe C:\Program Files\
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
DS21Patch-->MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
hp officejet 6100 series-->MsiExec.exe /X{12BB7942-1E1F-43D9-B441-4668C1629425}
hp officejet 7100 series-->C:\WINDOWS\System32\hpocon09.exe /u 1077906751 /d "hp officejet 7100 series"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp officejet 6100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
ImageStation Easy Upload Tools-->C:\Program Files\Easy Upload Tools\UninstallHelper\UninstallHelper.exe
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{78F4DFCE-1336-4027-BCB2-1A00C24A8653} /l1033
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JELD-WEN Quick Quote-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\install.log
LAN-Fax Utilities-->Rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IfxUninst.dll,UnInstall LAN-Fax Utilities
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA2523}
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Premium Wood (Hawkins,Ringtown)-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\PREMIU~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\PREMIU~1\Install.log
QuickBooks Premier Edition 2005-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="superpro" QBFULLNAME="QuickBooks Premier Edition 2005" ADDREMOVE=1
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
Quotemaster 3 uninstall-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F204A49-152F-4756-9AB1-3105269E3DD0}\Setup.exe" -l0x9 -uninst
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
v 8.01-->"C:\Program Files\WQbyWindsor\unins000.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vinyl & Aluminum-->C:\PROGRA~1\JELD-WEN\QUICKQ~2\VINYL&~1\UNWISE.EXE C:\PROGRA~1\JELD-WEN\QUICKQ~2\VINYL&~1\Install.log
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
======System event log======
Computer Name: FRONTOFFICE
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 27271
Source Name: bcm4sbxp
Time Written: 20080617175745.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 7001
Message: The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 27244
Source Name: Service Control Manager
Time Written: 20080617174846.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 27237
Source Name: bcm4sbxp
Time Written: 20080617174635.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 7001
Message: The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 27228
Source Name: Service Control Manager
Time Written: 20080617174609.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 1073
Message: The attempt to unknown FRONTOFFICE failed
Record Number: 27223
Source Name: USER32
Time Written: 20080604141213.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: FRONTOFFICE
Event Code: 19011
Message:
Record Number: 6523
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20060317192859.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 7.5.311.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 6460
Source Name: Application Hang
Time Written: 20060314155814.000000-480
Event Type: error
User:
Computer Name: FRONTOFFICE
Event Code: 1517
Message: Windows saved user FRONTOFFICE\office registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 6459
Source Name: Userenv
Time Written: 20060310173632.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: FRONTOFFICE
Event Code: 19011
Message:
Record Number: 6458
Source Name: MSSQL$MICROSOFTBCM
Time Written: 20060310093450.000000-480
Event Type: warning
User:
Computer Name: FRONTOFFICE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtmled.dll, version 6.0.2900.2781, fault address 0x00035686.
Record Number: 6453
Source Name: Application Error
Time Written: 20060303131945.000000-480
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Dakeyras
2009-06-12, 01:44
Hi :)
The RSIT info.txt apparently is the same log as last time, not a problem however.
Random Access Memory Advice:
Total RAM: 510 MB (28% free)
Though Microsoft claims XP will run with a mere 128 MB installed in my opinion a minimum of 1 GB is far better.
If you wish to upgrade the installed memory, Crucial (http://www.crucial.com) have a small scanner(CrucialScan.exe)which is perfectly safe to download and run. Which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.
Note: When we have completed the malware removal process, I can advise the removal of some unessential system startups. Which will help improve overall system performance until the memory issue is resolved, let myself know about this OK.
Reset Host File:
Open Notepad.
Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0
Go to File >> Save As
Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
Change Save as Type to All Files and save the file to your Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/Dakeyras.jpg
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.
TFC(Temp File Cleaner):
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Next:
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and select then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Next:
Run HijackThis and click on Open the Misc Tools section.
Click Open Uninstall Manager...
Click Save list... and save it to your Desktop.
Copy and paste the file uninstall_list.txt into your next reply.
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Double click once on RSIT.exe
RSIT will start running, at the disclaimer click on Continue.
When done, 1 log will be produced.
Post that in your next reply.
When completed the above, please post back the following:
Inform myself how your computer is running. Any problems encountered and or further symptoms?
Uninstall List.
Malwarebytes Anti-Malware Log.
A new RSIT Log.
windowguy
2009-06-14, 02:38
Here are the logs
I will report on how my computer is running tommorrow
(after I use it for a while)
Thank you I appreciate the help
windowguy
Hi :)
Inform myself how your computer is running. Any problems encountered and or further symptoms?
Uninstall List.
Malwarebytes Anti-Malware Log.
A new RSIT Log.
Logfile of random's system information tool 1.06 (written by random/random)
Run by office at 2009-06-13 16:29:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 510 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:16 PM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\office\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\office.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12297 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1077060195.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 181752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-05 106548]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-02-14 1191424]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-06-06 439872]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-05 114741]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2003-08-26 204800]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-02 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112]
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe [2003-06-24 245760]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"MW1HelperStartUp"=C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1 []
"ZingSpooler"=C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe [2002-08-02 200704]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"HostManager"=C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe [2005-08-02 159832]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-09-16 274432]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-12-27 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-21 180269]
"eTrustPPAP"=C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-05-02 3334144]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\office\Desktop\bittorrent.exe"="C:\Documents and Settings\office\Desktop\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Westwood\RA2\game.exe"="C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\office\Local Settings\Temp\7zS62E.tmp\SymNRT.exe"="C:\Documents and Settings\office\Local Settings\Temp\7zS62E.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cf3e2b7-7a01-11d9-bbc9-000d5655335a}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure20.exe
======List of files/folders created in the last 1 months======
2009-06-13 15:58:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-12 11:06:13 ----RA---- C:\WINDOWS\system32\cdintf250.dll
2009-06-12 11:05:09 ----D---- C:\MQS
2009-06-11 17:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 17:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 09:22:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-10 06:30:59 ----D---- C:\rsit
2009-06-10 06:27:02 ----A---- C:\Rooter.txt
2009-06-10 06:26:10 ----D---- C:\Rooter$
2009-06-09 08:54:49 ----D---- C:\Program Files\Trend Micro
2009-06-09 06:54:49 ----D---- C:\WINDOWS\ERDNT
2009-06-09 06:54:22 ----D---- C:\Program Files\ERUNT
2009-06-03 07:51:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-03 07:39:26 ----D---- C:\WINDOWS\Minidump
2009-06-01 17:07:22 ----A---- C:\WINDOWS\wqversion.ini
2009-06-01 17:06:08 ----D---- C:\Program Files\WQbyWindsor
2009-05-30 17:44:42 ----D---- C:\Documents and Settings\office\Application Data\Move Networks
2009-05-20 18:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-20 18:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-19 09:10:00 ----D---- C:\WINDOWS\Prefetch
2009-05-19 08:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-19 08:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-19 08:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-19 08:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-19 08:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-19 08:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-19 08:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-19 08:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-19 08:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-19 08:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-19 08:19:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-19 08:19:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-19 08:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-19 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-19 08:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-19 08:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-19 08:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-19 08:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-19 08:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-19 08:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-19 08:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-19 08:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-05-19 08:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-19 08:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-19 08:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-19 08:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-05-19 08:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-19 08:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-19 08:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\en-us
2009-05-19 08:00:37 ----D---- C:\WINDOWS\system32\scripting
2009-05-19 08:00:34 ----D---- C:\WINDOWS\l2schemas
2009-05-19 08:00:32 ----D---- C:\WINDOWS\system32\en
2009-05-19 07:48:27 ----D---- C:\WINDOWS\network diagnostic
2009-05-19 07:45:10 ----A---- C:\WINDOWS\imsins.BAK
2009-05-18 14:37:19 ----D---- C:\Documents and Settings\office\Application Data\JELD-WEN
2009-05-18 14:29:25 ----D---- C:\Program Files\JELD-WEN
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\Zlib.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbzip11.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\vbuzip10.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspyvb6.dll
2009-05-18 14:29:08 ----A---- C:\WINDOWS\system32\dwspy5.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2009-05-18 14:29:07 ----A---- C:\WINDOWS\system32\kvbFileSystemLib.dll
2009-05-18 14:29:06 ----D---- C:\WINDOWS\system32\FONTS
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\pdfexpt.dll
2009-05-18 14:29:06 ----A---- C:\WINDOWS\system32\ccrpTmr6.dll
2009-05-18 14:29:05 ----A---- C:\WINDOWS\system32\actrpt2.dll
2009-05-16 19:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-05-16 19:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-05-16 19:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-05-16 19:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-05-16 19:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-05-16 19:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-16 19:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-05-16 19:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-05-16 19:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-05-16 19:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-05-16 19:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-16 19:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-05-16 19:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-05-16 19:52:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-16 19:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-05-16 19:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-05-16 19:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-05-16 19:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-05-16 19:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-05-16 19:46:44 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-16 19:46:40 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-05-16 19:46:37 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-05-16 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-05-16 19:46:34 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-05-16 19:46:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-05-16 19:46:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-05-16 19:45:55 ----N---- C:\WINDOWS\system32\setupn.exe
2009-05-16 19:45:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-16 19:45:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-05-16 19:45:45 ----N---- C:\WINDOWS\system32\qutil.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-05-16 19:45:44 ----N---- C:\WINDOWS\system32\qagent.dll
2009-05-16 19:45:41 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-05-16 19:45:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napstat.exe
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-05-16 19:45:23 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-05-16 19:45:20 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-16 19:45:16 ----N---- C:\WINDOWS\system32\mssha.dll
2009-05-16 19:44:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-05-16 19:44:50 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-16 19:44:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-16 19:44:35 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-05-16 19:44:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-16 19:44:33 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-16 19:44:16 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-05-16 19:44:15 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-16 19:43:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-05-16 19:43:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-16 19:43:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-05-16 19:43:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-16 19:43:38 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-16 19:43:33 ----N---- C:\WINDOWS\system32\credssp.dll
2009-05-16 19:43:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-16 19:43:17 ----N---- C:\WINDOWS\system32\azroles.dll
2009-05-16 19:42:47 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-05-16 19:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-05-16 19:37:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-05-16 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-05-16 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-05-16 19:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-05-16 19:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-05-16 19:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-05-16 18:16:26 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-16 11:54:38 ----D---- C:\Program Files\NETGEAR
======List of files/folders modified in the last 1 months======
2009-06-13 16:23:14 ----D---- C:\Program Files\Mozilla Firefox
2009-06-13 16:22:29 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2009-06-13 16:22:12 ----D---- C:\WINDOWS\Temp
2009-06-13 16:21:18 ----RD---- C:\Program Files
2009-06-13 16:21:18 ----D---- C:\WINDOWS\system32\DRIVERS
2009-06-13 15:17:08 ----D---- C:\WINDOWS\SYSTEM32
2009-06-13 11:52:49 ----D---- C:\WINDOWS
2009-06-13 11:52:42 ----D---- C:\Quotemaster3
2009-06-13 11:52:38 ----D---- C:\I386
2009-06-13 11:52:30 ----D---- C:\DELL
2009-06-12 13:12:35 ----D---- C:\WINDOWS\system32\WBEM
2009-06-12 13:12:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-12 11:26:28 ----SHD---- C:\WINDOWS\Installer
2009-06-11 17:08:51 ----A---- C:\WINDOWS\WIN.INI
2009-06-11 17:07:23 ----HD---- C:\WINDOWS\INF
2009-06-11 17:07:21 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-06-11 17:06:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 15:41:02 ----D---- C:\Documents and Settings\office\Application Data\Skype
2009-06-11 11:27:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-11 09:36:53 ----D---- C:\Program Files\Java
2009-06-11 09:36:52 ----AD---- C:\Program Files\Common Files
2009-06-11 09:33:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-11 09:32:08 ----D---- C:\Program Files\Lavasoft
2009-06-11 09:19:42 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-11 09:19:36 ----D---- C:\WINDOWS\Help
2009-06-11 09:17:42 ----SD---- C:\WINDOWS\Tasks
2009-06-11 08:05:17 ----D---- C:\Documents and Settings\office\Application Data\skypePM
2009-06-09 10:27:08 ----A---- C:\WINDOWS\wininit.ini
2009-06-05 10:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 15:54:28 ----D---- C:\Documents and Settings\office\Application Data\AdobeUM
2009-06-01 08:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-29 08:13:10 ----D---- C:\Program Files\Common Files\Adobe
2009-05-29 07:24:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-19 09:09:10 ----D---- C:\WINDOWS\system32\Setup
2009-05-19 09:09:10 ----D---- C:\WINDOWS\IME
2009-05-19 09:09:10 ----D---- C:\WINDOWS\AppPatch
2009-05-19 09:09:07 ----RSD---- C:\WINDOWS\Fonts
2009-05-19 09:08:34 ----D---- C:\WINDOWS\SECURITY
2009-05-19 08:14:10 ----D---- C:\Program Files\Messenger
2009-05-19 08:13:53 ----D---- C:\WINDOWS\WinSxS
2009-05-19 08:01:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-19 08:01:14 ----D---- C:\WINDOWS\system32\INETSRV
2009-05-19 08:00:39 ----D---- C:\WINDOWS\system32\USMT
2009-05-19 08:00:35 ----D---- C:\Program Files\Internet Explorer
2009-05-19 08:00:31 ----D---- C:\WINDOWS\system32\bits
2009-05-19 08:00:31 ----D---- C:\WINDOWS\peernet
2009-05-19 08:00:31 ----D---- C:\Program Files\Movie Maker
2009-05-19 07:53:13 ----D---- C:\WINDOWS\system32\Restore
2009-05-19 07:53:12 ----D---- C:\WINDOWS\system32\NPP
2009-05-19 07:53:12 ----D---- C:\WINDOWS\MUI
2009-05-19 07:53:10 ----D---- C:\WINDOWS\MSAGENT
2009-05-19 07:53:07 ----D---- C:\WINDOWS\SRCHASST
2009-05-19 07:53:05 ----D---- C:\Program Files\NetMeeting
2009-05-19 07:53:02 ----D---- C:\WINDOWS\system32\Com
2009-05-19 07:52:58 ----D---- C:\Program Files\Windows Media Player
2009-05-19 07:52:57 ----D---- C:\Program Files\Windows NT
2009-05-19 07:52:56 ----D---- C:\Program Files\Outlook Express
2009-05-19 07:52:50 ----D---- C:\Program Files\Common Files\System
2009-05-19 07:52:24 ----D---- C:\WINDOWS\system32\OOBE
2009-05-19 07:52:20 ----D---- C:\WINDOWS\SYSTEM
2009-05-19 07:44:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-19 07:44:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-19 07:37:24 ----D---- C:\WINDOWS\EHome
2009-05-18 16:47:01 ----D---- C:\Documents and Settings\office\Application Data\Mozilla
2009-05-16 18:20:11 ----D---- C:\WINDOWS\Debug
2009-05-16 17:47:45 ----D---- C:\Westwood
2009-05-16 11:58:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-16 11:54:52 ----D---- C:\WINDOWS\system32\CONFIG
2009-05-16 11:51:34 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-16 11:07:59 ----D---- C:\temp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-05 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-05 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-05 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-05 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-05 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-05 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-05 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-05 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-05 100373]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-05-23 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WNDA31.sys [2008-03-12 421376]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-05-16 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-05-16 151297]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-09-21 323584]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe []
S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2002-05-03 65536]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
-----------------EOF-----------------
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe® Photoshop® Album Starter Edition 3.0
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Autodesk DWF Viewer
Avira AntiVir Personal - Free Antivirus
BCM V.92 56K Modem
Broadcom Management Programs
Builders and Premium Wood (Rantoul)
Business Contact Manager for Outlook 2003
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CleanUp!
Command & Conquer Red Alert 2
Custom Wood (Bend)
CutePDF Writer 2.2
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio - Dell Image Expert
DS21Patch
ERUNT 1.1j
Google Talk (remove only)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Memories Disc
hp officejet 6100 series
hp officejet 7100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP Share-to-Web
ImageStation Easy Upload Tools
Intel(R) Extreme Graphics Driver
iPod for Windows 2005-09-23
iTunes
JELD-WEN Quick Quote
LAN-Fax Utilities
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Marvin Quote System 7.02
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Professional Edition 2003
Microsoft Tool Web Package:WntIpcfg.exe
Modem Helper
Mozilla Firefox (3.0.11)
MSN Messenger 7.5
Musicmatch® Jukebox
Paint Shop Pro 7
Premium Wood (Hawkins,Ringtown)
QuickBooks Premier Edition 2005
QuickTime
Quotemaster 3 uninstall
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype™ 3.6
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live!
Spybot - Search & Destroy
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
v 8.01
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vinyl & Aluminum
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 3
6/13/2009 4:19:57 PM
mbam-log-2009-06-13 (16-19-57).txt
Scan type: Quick Scan
Objects scanned: 97630
Time elapsed: 18 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\NoAdware (Rogue.NoAdware) -> Quarantined and deleted successfully.
c:\program files\NoAdware\logs (Rogue.NoAdware) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
c:\program files\NoAdware\noadware_091304_v201.na (Rogue.NoAdware) -> Quarantined and deleted successfully.
Dakeyras
2009-06-14, 23:45
Hi :)
FixPolicies:
Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here (http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe).
Double-click FixPolicies.exe.
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
A black box should briefly appear and then close.
Leave FixPolicies on your desktop please until I otherwsie asvise, thank you.
New Java Installation:
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java SE Runtime Environment (JRE) 6 Update 14. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u14-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u14-windows-i586-p.exe to install Java.
Run Kaspersky Online AV Scanner:
Go to this Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1242123288046) and perform an online antivirus scan.
Note: Use Internet Explorer for this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.This online tuturial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan.
When completed the above, please post back the following:
How is you computer performing now? Any problems encountered and or any further symptoms?
Kaspersky report.
A new HijackThis Log.
Dakeyras
2009-06-16, 11:48
Hi :)
Do you still need help with your machine?
If the instructions are unclear or something isn't working, please let me know before proceeding.
windowguy
2009-06-16, 19:49
I have been having problems and certainly need help
I have installed a new keyboard and mouse, and I have
tried to follow your directions. I think I got the Java file
installed (it didn't work right the first several times)
I absolutely have to complete a project for work so, I am using another
computer. I will complete the rest of your instructions when I complete
my project. I anticipate following your instructions either tonight or
tomorrow. I wanted to post something so that you wouldn't close the
thread or think I wasn't grateful for your help.
I appreciate your help
Thank you,
Window guy
Dakeyras
2009-06-16, 21:38
Hi :)
I have installed a new keyboard and mouse, and I have
tried to follow your directions. I think I got the Java file
installed (it didn't work right the first several times)
Good news about the new KB and mouse, OK we can address the possible Java issue if the need. Sometimes it can be problematic to install but the method I gave you is one of more successful.
I absolutely have to complete a project for work so, I am using another
computer. I will complete the rest of your instructions when I complete
my project. I anticipate following your instructions either tonight or
tomorrow. I wanted to post something so that you wouldn't close the
thread or think I wasn't grateful for your help.
I appreciate your helpNot a problem and thanks for the update plus you are very welcome!.
Just post back when ready:
How is you computer performing now? Any problems encountered and or any further symptoms?
Kaspersky report.
A new HijackThis Log.
windowguy
2009-06-18, 00:58
I was able to download the java update,
Kaspersky scanner txt log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 17:46:42
Records in database: 2358044
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
Scan statistics:
Files scanned: 102288
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:51:09
File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
The selected area was scanned.
Here is the hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:26 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\WQbyWindsor\m2o.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12345 bytes
Thank you for your help
Windowguy
windowguy
2009-06-18, 01:03
About my computer it has been moving very slowly.
In addition, I really need to download adobe again so
that I can work up a bid on a project that was emailed
to me.
I appreciate your help
Thank you
Windowguy
Dakeyras
2009-06-18, 02:38
Hi :)
I appreciate your help
Thank you You're welcome!
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please go here (http://www.aumha.org/downloads/erunt-setup.exe) and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Install ERUNT by following the prompts.
Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
Next:
Please download OTM (http://oldtimer.geekstogo.com/OTM.exe) to your Desktop.
Double-click OTM to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Files
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="http://www.msn.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
"diagent"=-
"UpdReg"=-
"MimBoot"=-
"QuickTime Task"=-
"KernelFaultCheck"=-
"SunJavaUpdateSched"=-
"KernelFaultCheck"=-
:Commands
[EmptyTemp]
[Reboot]
Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
Then click the red MoveIt! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Close OTM.
New Adobe Reader Installation:
Go here (ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/enu/) and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
When completed the above, please post back the following:
Inform myself how your computer is running. Any problems encountered and or further symptoms?
OTM Log.
A new HijackThis Log.
windowguy
2009-06-18, 03:15
Move it log
========== FILES ==========
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz moved successfully.
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\diagent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MimBoot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\office\LOCALS~1\Temp\etilqs_QnV6Zzhqt1Q8oFs9slXW scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\office\LOCALS~1\Temp\JET26F6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\office\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_818.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTM by OldTimer - Version 2.1.0.1 log created on 06172009_170118
Files moved on Reboot...
File C:\DOCUME~1\office\LOCALS~1\Temp\etilqs_QnV6Zzhqt1Q8oFs9slXW not found!
File C:\DOCUME~1\office\LOCALS~1\Temp\JET26F6.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_818.dat not found!
Registry entries deleted on Reboot...
Hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:18 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\AOL\1131403017\ee\AOLServiceHost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 691049897101
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131403017\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12021 bytes
I down loaded Adobe and updated it before you telling to from their site.
Hopefully I everything is ok.
One thing I forgot to say was that my clock time was changed by an hour
when I noticed I changed it back.
Thank you,
Windowguy
windowguy
2009-06-18, 03:15
The clock time change was some days ago, I don't remember exactly when.
Thank you,
Windowguy
Dakeyras
2009-06-18, 14:02
Hi :)
I down loaded Adobe and updated it before you telling to from their site.
Hopefully I everything is ok. Not a problem.
One thing I forgot to say was that my clock time was changed by an hour
when I noticed I changed it back.
The clock time change was some days ago, I don't remember exactly when. Might have been because of the malware present and or the actual CMOS Battery (http://www.computerhope.com/issues/ch000239.htm) requires changing.
Next:
Congratulations your computer now appears to be malware free!
Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.
Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well. Plus bare in mind my prior advice about upgrading the presently installed RAM(Random Access Memory).
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Clean up with OTM:
Double-click OTM to start the program.
Close all other programs apart from OTM as this step will require a reboot
On the OTM main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
Reset the System Restore points:
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start >> All Programs >> Accessories >>System Tools >> System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start >> Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm
Now some advice for on-line safety:
Malwarebyte's Anti-Malware:
This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.
Other installed security software:
Your presently installed application, Avira AntiVir automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.
I advise you also run a complete scan with this also once per week.
Erunt:
Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.
Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!
Keep your system updated:
Microsoft releases patches for Windows and other products regularly:
I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Stop malicious scripts:
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Make your Internet Explorer safer:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.Avoid Peer to Peer software:
P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download).
Only use one of the above.
Advised Optional Installation:
There is no sign of a software firewall installed on your system. Regardless if using a hardware type and or using the inbuilt Windows Service Pack 3 firewall this is a necessary application as it will also provide outbound protection where as the aforementioned do not.
I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.
Jetico Personal Firewall (http://www.jetico.com/download.htm)
Online Armour (http://www.tallemu.com/free-firewall-protection-software.html)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
This article is a excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Finally a educational source:
To learn more about how to protect yourself while on the internet read this article by Tony Klein:
So how did I get infected in the first place? (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959)
Some consider this article outdated, personally I still think it bares relevance and the author is well respected in the Anti-Malware community and by myself also!
Any questions,feel free to ask? If not stay safe!
windowguy
2009-06-19, 18:13
My computer is still running pretty slow so I ran spybot and it found 62 problems
and it froze when I tried to remove them.
Thank you,
Windowguy
Dakeyras
2009-06-19, 21:17
Good evening :)
My computer is still running pretty slowHave you carried out any of the advised System Maintenance from my prior post to your good self? Plus bare in mind my prior advice about the current RAM (http://forums.spybot.info/showpost.php?p=317234&postcount=11)situation,
Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well. Plus bare in mind my prior advice about upgrading the presently installed RAM(Random Access Memory).
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)Or any of the cleanup process at all?
so I ran spybot and it found 62 problems and it froze when I tried to remove them.
Please do post the Spybot Log for myself to review, thank you.
windowguy
2009-06-20, 00:09
No, I didn't try your last series of advice yet. It looked like a lot of work
and I will need to try it on the weekend when I can set aside a block of
time.
I was trying to give you an update on my situation to keep the thread open
and thought that it might be of interest to you. Seriously I have no idea
what I am doing or what goes on inside the little black computer box.
Thank you,
Windowguy
windowguy
2009-06-20, 00:27
I was looking at Spybot, where do I find a log for it?
Thank you,
Dakeyras
2009-06-20, 13:53
Hi :)
No, I didn't try your last series of advice yet. It looked like a lot of work
and I will need to try it on the weekend when I can set aside a block of
time. Fair play, however have you carried out any of the clean up process from Clean up with OTM: on-wards? If not there is a good chance the infections Spybot has flagged either reside in the system restore points and or has identified some of the specific applications we have used during the course of the malware removal process.
I was trying to give you an update on my situation to keep the thread open
and thought that it might be of interest to you. Seriously I have no idea
what I am doing or what goes on inside the little black computer box.
Thank you,
Windowguy
This is perfectly fine by myself and you have done nothing wrong OK and as ever you are very welcome!
I was looking at Spybot, where do I find a log for it?
OK the log(s) should be located here as follows:
Any logs that are created with scans and or fixes are located here --> Check for problems and Fix selected problems
So you need to launch Spybot >> Mode >> Advanced Mode >> Tools >> View Reports >> View Previous Reports
Post back the log with the date/time stamp from when you ran the scan.
windowguy
2009-06-20, 20:44
I haven't purchased any Ram yet, I have completed all the instructions
from
"Help! My computer is slow! "
and
"What to do if your Computer is running slowly"
With the exception of defraging my hard drive which I will do overnight.
I did run "Clean up with OTM"
The most recent spybot log is below
Thank you for your help
Windowguy
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-06-05 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-06-02 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-06-02 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-06-09 Includes\HijackersC.sbi
2009-06-16 Includes\Keyloggers.sbi
2009-06-16 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-06-10 Includes\Malware.sbi
2009-06-16 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-06-17 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-06-02 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-06-02 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-06-17 Includes\Trojans.sbi
2009-06-17 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Microsoft SQL Server 2000 Service Pack 3 Updates to MDAC 2.7 SP1
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB889293
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458)
/ Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723)
/ Windows Media Player: Security Update for Windows Media Player (KB952069)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB923561)
/ Windows XP / SP4: Security Update for Windows XP (KB938464-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950759)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Security Update for Windows XP (KB952004)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB954459)
/ Windows XP / SP4: Security Update for Windows XP (KB954600)
/ Windows XP / SP4: Security Update for Windows XP (KB955069)
/ Windows XP / SP4: Update for Windows XP (KB955839)
/ Windows XP / SP4: Security Update for Windows XP (KB956572)
/ Windows XP / SP4: Security Update for Windows XP (KB956802)
/ Windows XP / SP4: Security Update for Windows XP (KB956803)
/ Windows XP / SP4: Security Update for Windows XP (KB957097)
/ Windows XP / SP4: Security Update for Windows XP (KB958644)
/ Windows XP / SP4: Security Update for Windows XP (KB958687)
/ Windows XP / SP4: Security Update for Windows XP (KB958690)
/ Windows XP / SP4: Security Update for Windows XP (KB959426)
/ Windows XP / SP4: Security Update for Windows XP (KB960225)
/ Windows XP / SP4: Security Update for Windows XP (KB960715)
/ Windows XP / SP4: Security Update for Windows XP (KB960803)
/ Windows XP / SP4: Security Update for Windows XP (KB961373)
/ Windows XP / SP4: Security Update for Windows XP (KB961501)
/ Windows XP / SP4: Security Update for Windows XP (KB963027)
/ Windows XP / SP4: Update for Windows XP (KB967715)
/ Windows XP / SP4: Security Update for Windows XP (KB968537)
/ Windows XP / SP4: Security Update for Windows XP (KB969897)
/ Windows XP / SP4: Security Update for Windows XP (KB969898)
/ Windows XP / SP4: Security Update for Windows XP (KB970238)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
Located: HK_LM:Run, BCMSMMSG
command: BCMSMMSG.exe
file: C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2BFF8A443334A034DF73D2C8D808D2A7
Located: HK_LM:Run, DwlClient
command: C:\Program Files\Common Files\Dell\EUSW\Support.exe
file: C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 245760
MD5: 58CD30203DDB67FAD6A34AA624FA0141
Located: HK_LM:Run, eTrustPPAP
command: "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
file: C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 169984
MD5: A81135541C9D4EBCE43EFA8AD31395B4
Located: HK_LM:Run, MW1HelperStartUp
command: C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
file: C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, PCMService
command: "C:\Program Files\Dell\Media Experience\PCMService.exe"
file: C:\Program Files\Dell\Media Experience\PCMService.exe
size: 204800
MD5: 3F22EAAD167797F2DE16FA7968593D59
Located: HK_LM:Run, UpdateManager
command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931
Located: HK_LM:Run, ZingSpooler
command: C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
file: C:\Program Files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe
size: 200704
MD5: 5C31BF0A535983B2A32C686AF68BC8CC
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-906592872-1445438531-2970854567-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, Sonic RecordNow!
where: S-1-5-21-906592872-1445438531-2970854567-1008...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sonic RecordNow!
where: S-1-5-21-906592872-1445438531-2970854567-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Startup (disabled), HPAiODevice(hp officejet 7100 series) - 1 (DISABLED)
command: C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\Bin\hpogrp07.exe -DeviceID 1077906751
file: C:\PROGRA~1\HEWLET~1\AiO\HPOFFI~1\Bin\hpogrp07.exe
size: 495682
MD5: 00B2647A3EEFFC116E329D6971AEB8C6
Located: Startup (disabled), hpoddt01.exe (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
size: 28672
MD5: A564A22308A3F55235BA2478EE82992D
Located: Startup (disabled), officejet 6100 (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
size: 147456
MD5: 971F7A5DDBE6EFDDDC1E822DED35F82A
Located: Startup (disabled), QuickBooks Update Agent (DISABLED)
command: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
file: C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe
size: 806912
MD5: 27C92FCFD6A5991AA1262B49DDE1B9AE
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn0\
Long name: yt.dll
Short name:
Date (created): 6/19/2006 3:22:46 PM
Date (last access): 6/19/2009 4:37:38 PM
Date (last write): 6/6/2006 8:28:44 AM
Filesize: 439872
Attributes: archive
MD5: B2217B49328CB84C421FBBE9079D9AA7
CRC32: E1B0C66C
Version: 2006.6.6.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 2/27/2009 12:07:26 PM
Date (last access): 6/19/2009 4:28:06 PM
Date (last write): 2/27/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/3/2009 7:51:56 AM
Date (last access): 6/20/2009 10:42:18 AM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\Common\
Long name: yiesrvc.dll
Short name:
Date (created): 6/19/2006 3:23:24 PM
Date (last access): 6/19/2009 4:30:58 PM
Date (last write): 1/6/2006 11:52:14 AM
Filesize: 181752
Attributes: archive
MD5: 90AAE04C4C2F05981FB7BF24E70AC0AA
CRC32: F7878D4F
Version: 2006.1.5.1
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 11/15/2003 9:23:00 AM
Date (last access): 6/20/2009 10:10:20 AM
Date (last write): 8/5/2003 11:04:00 PM
Filesize: 106548
Attributes: archive
MD5: 15F6F27916A2D2AF3ABF029F6CF3037B
CRC32: 808FB6C8
Version: 1.4.5.1
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AOL Toolbar Launcher
Path: C:\Program Files\AOL\AOL Toolbar 2.0\
Long name: aoltb.dll
Short name:
Date (created): 8/2/2005 10:41:14 AM
Date (last access): 6/20/2009 10:10:20 AM
Date (last write): 8/2/2005 10:41:14 AM
Filesize: 524288
Attributes: archive
MD5: E9419CBE1260D5C38AE67F7A8EFA768F
CRC32: 6A853EE0
Version: 2.0.4239.61
{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 2/28/2006 10:35:24 AM
Date (last access): 6/20/2009 10:10:20 AM
Date (last write): 2/14/2006 8:05:30 PM
Filesize: 1191424
Attributes: readonly archive
MD5: 677C42CD9FE9C13B4B7B601A2E4065B0
CRC32: 58231F90
Version: 3.0.131.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 6/16/2009 9:12:04 AM
Date (last access): 6/19/2009 4:32:16 PM
Date (last write): 6/16/2009 9:12:04 AM
Filesize: 41368
Attributes: archive
MD5: 192E39C717013A0BD532B33AC29D6E7D
CRC32: 6D4D2A2E
Version: 6.0.140.8
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 6/16/2009 9:12:12 AM
Date (last access): 6/19/2009 4:28:06 PM
Date (last write): 6/16/2009 9:12:12 AM
Filesize: 73728
Attributes: archive
MD5: 9A0CA264EC3210E77764C45AD7C5F339
CRC32: A8965ADA
Version: 6.0.140.8
--- ActiveX list ---
{1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced)
DPF name: MeadCo ScriptX Advanced
CLSID name: MeadCo ScriptX
Installer: C:\WINDOWS\Downloaded Program Files\smsx.inf
Codebase: https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
description:
classification: Legitimate
known filename: MCSCRIPX.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: MCScripX.dll
Short name:
Date (created): 6/6/2003 6:07:04 PM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 6/6/2003 6:07:04 PM
Filesize: 93696
Attributes: archive
MD5: EB208F78349EDAC0A244544E7F018928
CRC32: 9F1B723C
Version: 6.1.430.5
{3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer)
DPF name:
CLSID name: PatchInstaller.Installer
Installer: C:\WINDOWS\Downloaded Program Files\XPPatchInstaller.INF
Codebase: file://D:\content\include\XPPatchInstaller.CAB
description:
classification: Legitimate
known filename: XPPatchInstaller.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\System32\
Long name: XPPatchInstaller.dll
Short name: XPPATC~1.DLL
Date (created): 12/18/2003 11:02:14 AM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 12/18/2003 11:02:14 AM
Filesize: 53248
Attributes: archive
MD5: A424F7CA195A407C4179A32CD101A6D7
CRC32: DDBC525E
Version: 1.1.0.0
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 6/16/2009 9:12:10 AM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 6/16/2009 9:12:10 AM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38184.533599537
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
DPF name:
CLSID name: MsnMessengerSetupDownloadControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
Codebase: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
description:
classification: Legitimate
known filename: MsnMessengerSetupDownloader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnMessengerSetupDownloader.ocx
Short name: MSNMES~1.OCX
Date (created): 3/17/2005 1:48:34 PM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 3/17/2005 1:48:34 PM
Filesize: 113152
Attributes: archive
MD5: 92D24B6643919005213F60D5B537196A
CRC32: 31684779
Version: 1.0.0.2
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 6/16/2009 9:12:10 AM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 6/16/2009 9:12:10 AM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_14
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_14.dll
Short name: NPJPI1~1.DLL
Date (created): 6/16/2009 9:12:10 AM
Date (last access): 6/20/2009 10:01:28 AM
Date (last write): 6/16/2009 9:12:10 AM
Filesize: 136600
Attributes: archive
MD5: 104191689E114BEF5C92A6BD626FA4F3
CRC32: 9D46C674
Version: 6.0.140.8
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 3/24/2008 6:32:42 PM
Date (last access): 6/20/2009 9:55:28 AM
Date (last write): 3/24/2008 6:32:42 PM
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://download.abacast.com/download/files/abasetup144.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
--- Process list ---
PID: 0 ( 0) [System]
PID: 508 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 1156 ( 508) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 1180 ( 508) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 1224 (1180) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1236 (1180) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 1404 (1224) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1460 (1224) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1496 (1224) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1540 (1224) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1600 (1224) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 136 (1224) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 172 (1224) C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
size: 68865
MD5: D6C8942BEA3698A2E7559BD423BFA5D7
PID: 260 (1224) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 760 ( 688) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1024 ( 760) C:\WINDOWS\BCMSMMSG.exe
size: 122880
MD5: 2D99607F21FF368C0E335A2D91A052A1
PID: 1040 ( 760) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 114741
MD5: 2BFF8A443334A034DF73D2C8D808D2A7
PID: 1048 ( 760) C:\Program Files\Dell\Media Experience\PCMService.exe
size: 204800
MD5: 3F22EAAD167797F2DE16FA7968593D59
PID: 1080 ( 760) C:\Program Files\Common Files\Dell\EUSW\Support.exe
size: 245760
MD5: 58CD30203DDB67FAD6A34AA624FA0141
PID: 1136 ( 760) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 617FA5BE646B5E8D6670FD4710ACD2D3
PID: 1148 ( 760) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679
PID: 1880 (1224) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
size: 151297
MD5: 335A142923FE7F97E8C8388ACD067568
PID: 1892 (1224) C:\WINDOWS\System32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1964 (1224) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 44FFBA62F0F426B581759C49AAFEC2E2
PID: 2004 (1224) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 340 (1224) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
size: 7544916
MD5: 1251256FEFC2B00A7BD603578241F0AD
PID: 436 (1224) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1280 (1224) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID: 736 (1224) C:\Program Files\Viewpoint\Common\ViewpointService.exe
size: 24652
MD5: 5F974FDE801C73952770736BECDE11E7
PID: 840 (1224) C:\WINDOWS\System32\MsPMSPSv.exe
size: 53520
MD5: 581176F60885AEF8F78C6E38DCC3CDF9
PID: 2932 (1224) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 8C515081584A38AA007909CD02020B3D
PID: 2308 ( 736) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
size: 112336
MD5: 1FF94B386646925D2B153C8A083115C7
PID: 3056 ( 760) C:\Program Files\Skype\Phone\Skype.exe
size: 21898024
MD5: EDBC8611E999C96F881B8AA10AE7FD75
PID: 1916 (3056) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 2051016
MD5: 8A4177883F756B18B50366B3B1878E5F
PID: 3012 ( 760) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: 26C3F01DF1B1AA6CFEC22D75F1E072F9
PID: 3548 (2876) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 728 ( 760) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/20/2009 10:42:24 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.dell.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65952042-D66B-4B5D-836E-C67518EAAD60}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65952042-D66B-4B5D-836E-C67518EAAD60}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEA895D8-2CD4-4285-8A49-65A6B65A1BE6}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EEA895D8-2CD4-4285-8A49-65A6B65A1BE6}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C76818F-C37A-48C6-B1FB-36F5278978DC}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C76818F-C37A-48C6-B1FB-36F5278978DC}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DB2E44C6-7F87-40CA-A5B9-991457698368}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DB2E44C6-7F87-40CA-A5B9-991457698368}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CE79CE8-F2DB-4363-AF94-B22BED30A0C0}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CE79CE8-F2DB-4363-AF94-B22BED30A0C0}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Dakeyras
2009-06-20, 22:01
Hi :)
Lets run a few checks to determine what is going on as follows:
Security Application Check:
Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
windowguy
2009-06-22, 01:24
First log,
Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````
Windows Firewall Enabled!
AviraAntiVirPersonal-FreeAntivirus
BuildersandPremiumWood(Rantoul)
PremiumWood(Hawkins,Ringtown)
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Spybot SDHelper is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````
GREAT! (Very random)
Scan took 15 seconds.
`````````End of Log```````````
windowguy
2009-06-22, 04:43
Eset text
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP951\A0171490.dll Win32/Adware.WBug.A application
thank you
Windowguy
Dakeyras
2009-06-22, 14:12
Hi :)
What has been flagged/found is part of the WeatherBug software. This has some adware characteristics and is installed when certain AOL related applications are installed/used. If I recall you mentioned you do not use any of the AOL software.
Please except my apology I forgot to ask your good self to uninstall the below as follows:
Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.
windowguy
2009-06-22, 18:07
Hi :)
Please except my apology I forgot to ask your good self to uninstall the below as follows:
[/I]
No need to apologize, I am certainly glad we are getting to the bottom
of this.
When I went to defrag my hard drive it doesn't seem to be doing anything.
Maybe I am not performing a key instruction that would seem obvious to most
people but not to me?
I appreciate your help
Thank you,
Windowguy
Dakeyras
2009-06-22, 18:25
Hi :)
No need to apologize, I am certainly glad we are getting to the bottom
of this. :bigthumb:
When I went to defrag my hard drive it doesn't seem to be doing anything.
Maybe I am not performing a key instruction that would seem obvious to most
people but not to me?Not a problem, run the quick non invasive scan below and post back the results please:
Check Hard Disk For Errors:
Press Start->Run..., then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
windowguy
2009-06-22, 18:52
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry SESSIO~1.JS in index $I30 of file 33854.
Deleting index entry DC9540~1 in index $I30 of file 64203.
Errors found. CHKDSK cannot continue in read-only mode.
Thank you,
Windowguy
Dakeyras
2009-06-22, 19:02
Hi :)
*It may prove beneficial if you print of the following instructions or save a copy.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
*You may keep ATF Cleaner on the desktop afterwards if you so wish, as a means of both safely and quickly removing temp' files after every online session.
Hard-Drive Maintenance/Repair:
Note: for the CHKDSK portion you may refer to this tutorial of mine here (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html) and follow the instructions for Graphical Mode if you so wish.
Click Start >> Run... then type in CMD and click on OK.
At the Command Prompt C:\ > type the following:
CD C:\ and hit the Enter/Return key.
Now type in DEFRAG C: -F
A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and hit the Enter/Return key.
When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Hit the Y key then at the Command Prompt C:\ >
Type in EXIT and and hit the Enter/Return key.
Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.
You should see a screen like this just after the Post(power on self test) screen:
http://i223.photobucket.com/albums/dd202/Dakeyras_album/ChkDsk01.png
Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and you computer will continue to boot-up as normal.
Let myself know the outcome please afterwards.
windowguy
2009-06-23, 20:44
Random update:
When I turned on my computer this morning I saw my
clock was an hour earlier than it should be.
I don't know what it means, I will change it back
windowguy
Dakeyras
2009-06-23, 22:24
Hi :)
If I recall we have discussed this particular matter before (http://forums.spybot.info/showpost.php?p=318322&postcount=22). I do think now it is your actual CMOS Battery (http://www.computerhope.com/issues/ch000239.htm) that requires changing.
My best advice for that is to ask someone who is competent too purchase the correct battery plus replace and or take it to your local IT repair centre.
Any other issues?
windowguy
2009-06-24, 18:52
I will try your hard drive repair instructions this evening
and let you know how things progressed tomorrow morning
I appreciate your help
Thank you,
Windowguy
Dakeyras
2009-06-24, 23:42
OK no problem and you're welcome :bigthumb:
Dakeyras
2009-06-28, 15:17
Everything OK?
windowguy
2009-06-29, 05:18
Sorry I have been away I will give you an update
Monday night
Thank you,
Windowguy
Dakeyras
2009-07-01, 23:36
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Extra note: As any remaining issues do not involve malware and therefore fall outside the scope of this forum, this topic is now closed.
If these non-malware issues remain and you feel you require further help, we suggest that you seek help at a general troubleshooting forum.