  #1  
Old March 22nd, 2009, 05:11 PM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
HDD Memory Eating Virus (Moved from Cyber Safety Forum)

Hello. I currently have a virus that makes my C:\ drive's memory full. I deleted at least 16 gigs of things that I did not use last night and when I woke up this morning it was back up to full. I currently cannot scan with AVG because when I start the scan the app crashes.

When I download HijackThis and try to install it, I just get a black CMD screen popping up and then closing.

Any help?
  #2  
Old March 23rd, 2009, 02:48 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Got it to work!
Bump!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:18 PM, on 3/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\explorer.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: Dock.lnk = C:\VistaOSX09\RKLauncher.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZLman000
O10 - Broken Internet access because of LSP provider 'c:\program files\vmware\vmware player\vsocklib.dll' missing
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 4603 bytes
  #3  
Old March 23rd, 2009, 07:53 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Any help?
It really sucks because I cannot run anything other than Chrome and Pidgin :/
  #4  
Old March 24th, 2009, 04:38 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
No idea what to do, AnnMarie? ;_;
  #5  
Old March 24th, 2009, 06:12 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi DHansen. I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer to peer software installed on their computers (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.

When you have done this, download Random's System Information Tool (RSIT) from here and save it to your desktop.

Double-click on RSIT.exe to run it. Your computer will be scanned and once the scan has finished, two logs will open. Please post the contents of both (log.txt will be maximized and info.txt will be minimized) in this topic. You can also find the logs in the C:\rsit folder. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Please do not run any programs other than those that I suggest or install any new software while I am helping you.
  #6  
Old March 24th, 2009, 07:08 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Log.txt:
http://private.dan.hanse.pastebin.com/m416d4e0b
Info.txt:
http://private.dan.hanse.pastebin.com/m6eef1ef8
  #7  
Old March 24th, 2009, 07:13 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi DHansen. I know it is time-consuming but I need the contents of both logs posted in this topic. I need to constantly compare logs and I don't have the time to keep opening links to do this.

I am logging out now but I will check this topic later on.
  #8  
Old March 24th, 2009, 07:23 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dan at 2009-03-24 01:02:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 80 MB (0%) free of 140 GB
Total RAM: 2037 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:39 AM, on 3/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Dan\Documents\Downloads\RSIT (1).exe
C:\Program Files\Trend Micro\HijackThis\Dan.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: Dock.lnk = C:\VistaOSX09\RKLauncher.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\vmware\vmware player\vsocklib.dll' missing
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 3929 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2229252830-1690184836-2452961646-1000.job
C:\Windows\tasks\Norton Security Scan for Dan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2009-02-20 24688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"AdobeBridge"= []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"Google Update"=C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-05 133104]
"Steam"=c:\program files\steam\steam.exe [2009-03-07 1410296]

C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dock.lnk - C:\VistaOSX09\RKLauncher.exe
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-06 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 2 months======

2009-03-24 01:02:18 ----DC---- C:\rsit
2009-03-22 20:46:52 ----D---- C:\Program Files\Trend Micro
2009-03-22 00:01:38 ----D---- C:\VistaOSX09
2009-03-21 23:23:40 ----A---- C:\Windows\system32\avgrep.txt
2009-03-19 10:50:21 ----D---- C:\Users\Dan\AppData\Roaming\VMware
2009-03-18 11:06:37 ----A---- C:\Windows\system32\vnetinst.dll
2009-03-18 11:06:33 ----A---- C:\Windows\system32\vmnetdhcp.exe
2009-03-18 11:06:29 ----A---- C:\Windows\system32\vmnat.exe
2009-03-18 11:06:26 ----RA---- C:\Windows\system32\vmnetbridge.dll
2009-03-18 11:06:23 ----A---- C:\Windows\system32\vnetlib.dll
2009-03-18 11:05:32 ----D---- C:\ProgramData\VMware
2009-03-18 11:02:40 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-18 11:00:42 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-18 10:58:47 ----D---- C:\Program Files\Microsoft
2009-03-18 10:58:33 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-18 10:52:16 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-17 22:47:44 ----D---- C:\Users\Dan\AppData\Roaming\Compile_AHK
2009-03-17 18:34:35 ----D---- C:\ProgramData\Messenger Plus!
2009-03-17 11:03:04 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-16 15:54:36 ----SHD---- C:\found.003
2009-03-11 15:54:29 ----D---- C:\Program Files\Conduit
2009-03-11 15:43:09 ----D---- C:\Windows\Freecorder Toolbar
2009-03-11 15:43:05 ----A---- C:\Windows\Freecorder Toolbar Setup Log.txt
2009-03-11 04:12:59 ----A---- C:\Windows\system32\schannel.dll
2009-03-08 12:22:50 ----SHD---- C:\found.002
2009-03-03 17:40:05 ----A---- C:\Windows\system32\msshooks.dll
2009-03-03 17:40:05 ----A---- C:\Windows\system32\msscb.dll
2009-03-03 17:40:01 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-03-03 17:40:01 ----A---- C:\Windows\system32\propdefs.dll
2009-03-03 17:40:01 ----A---- C:\Windows\system32\msstrc.dll
2009-03-03 17:40:01 ----A---- C:\Windows\system32\mssprxy.dll
2009-03-03 17:40:01 ----A---- C:\Windows\system32\mssitlb.dll
2009-03-03 17:40:01 ----A---- C:\Windows\system32\msshsq.dll
2009-03-03 17:40:00 ----A---- C:\Windows\system32\thawbrkr.dll
2009-03-03 17:40:00 ----A---- C:\Windows\system32\srchadmin.dll
2009-03-03 17:40:00 ----A---- C:\Windows\system32\propsys.dll
2009-03-03 17:40:00 ----A---- C:\Windows\system32\korwbrkr.dll
2009-03-03 17:39:58 ----A---- C:\Windows\system32\wsepno.dll
2009-03-03 17:39:58 ----A---- C:\Windows\system32\rtffilt.dll
2009-03-03 17:39:57 ----A---- C:\Windows\system32\xmlfilter.dll
2009-03-03 17:39:57 ----A---- C:\Windows\system32\offfilt.dll
2009-03-03 17:39:57 ----A---- C:\Windows\system32\nlhtml.dll
2009-03-03 17:39:57 ----A---- C:\Windows\system32\msscntrs.dll
2009-03-03 17:39:57 ----A---- C:\Windows\system32\mimefilt.dll
2009-03-03 17:39:56 ----A---- C:\Windows\system32\chtbrkr.dll
2009-03-03 17:39:56 ----A---- C:\Windows\system32\chsbrkr.dll
2009-03-03 17:39:55 ----A---- C:\Windows\system32\tquery.dll
2009-03-03 17:39:55 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-03-03 17:39:55 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-03-03 17:39:54 ----A---- C:\Windows\system32\mssvp.dll
2009-03-03 17:39:54 ----A---- C:\Windows\system32\mssrch.dll
2009-03-03 17:39:54 ----A---- C:\Windows\system32\mssphtb.dll
2009-03-03 17:39:54 ----A---- C:\Windows\system32\mssph.dll
2009-03-03 17:36:58 ----A---- C:\Windows\system32\EncDec.dll
2009-03-03 17:36:56 ----A---- C:\Windows\system32\psisdecd.dll
2009-03-03 17:36:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-03-03 17:36:44 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-03-03 17:36:44 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-03-03 17:36:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-03-03 17:36:37 ----A---- C:\Windows\system32\wmp.dll
2009-03-03 17:36:34 ----A---- C:\Windows\system32\spwmp.dll
2009-03-03 17:36:32 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-03 17:36:31 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-03 17:36:28 ----A---- C:\Windows\system32\wersvc.dll
2009-03-03 17:36:28 ----A---- C:\Windows\system32\Faultrep.dll
2009-03-03 17:34:36 ----A---- C:\Windows\system32\connect.dll
2009-03-02 21:01:24 ----SHD---- C:\found.001
2009-02-26 23:05:28 ----D---- C:\Users\Dan\AppData\Roaming\SecondLife
2009-02-26 23:04:23 ----D---- C:\Program Files\SecondLife
2009-02-21 13:10:39 ----D---- C:\Windows\system32\FRAPS v2.9.6 Full [Unlocked[sSniper]
2009-02-21 13:09:13 ----D---- C:\Windows\system32\Fraps 2.9.4 Build 7037
2009-02-21 01:28:50 ----D---- C:\Program Files\AutoHotkey
2009-02-20 23:12:22 ----D---- C:\Program Files\MyWebSearch
2009-02-20 20:19:28 ----D---- C:\Fraps
2009-02-18 16:48:53 ----D---- C:\Program Files\TechSmith
2009-02-13 21:50:27 ----D---- C:\ProgramData\WorldWinner.com
2009-02-11 17:30:09 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 17:30:05 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 17:30:02 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 17:29:59 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 17:29:56 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 17:29:55 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 17:29:52 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 17:29:49 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-08 13:43:27 ----D---- C:\Users\Dan\AppData\Roaming\Xfire
2009-02-08 13:43:20 ----D---- C:\ProgramData\Xfire
2009-02-08 11:53:46 ----D---- C:\Program Files\Common Files\INCA Shared
2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
2009-01-31 20:52:16 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-01-31 20:52:16 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-01-31 20:52:16 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-01-31 20:52:15 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-01-31 20:52:15 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-01-31 20:52:15 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-01-31 20:52:15 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-01-31 20:52:14 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-01-31 20:52:14 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-01-31 20:52:14 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-01-31 20:52:14 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-01-31 20:52:14 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-01-31 20:52:13 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-01-31 20:52:13 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-01-31 20:52:13 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-01-31 20:52:12 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-01-31 20:52:12 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-01-31 20:52:12 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-01-31 20:52:12 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-01-31 20:52:11 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-01-31 20:52:11 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-01-31 20:52:09 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-01-31 20:52:09 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-01-31 20:52:09 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-01-31 20:52:09 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-01-31 20:52:08 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-01-31 20:52:08 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-01-31 20:52:07 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-01-31 20:52:07 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-01-31 20:52:06 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-01-31 20:52:06 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-01-31 20:52:06 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-01-31 20:52:05 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-01-31 20:52:05 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-01-31 20:52:05 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-01-31 20:49:01 ----HD---- C:\Windows\msdownld.tmp
2009-01-31 20:49:00 ----D---- C:\Windows\system32\directx
2009-01-31 20:48:57 ----D---- C:\Program Files\Utherverse Digital Inc
2009-01-30 23:47:30 ----D---- C:\Program Files\MSXML 4.0
2009-01-27 21:33:03 ----D---- C:\Intel
2009-01-27 19:01:53 ----D---- C:\Users\Dan\AppData\Roaming\NCH Software
2009-01-27 19:01:53 ----D---- C:\ProgramData\NCH Software
2009-01-27 19:01:53 ----D---- C:\Program Files\NCH Software
2009-01-27 16:37:55 ----A---- C:\Windows\system32\ascbalon.dll
2009-01-27 16:37:54 ----A---- C:\Windows\system32\SysRestore.dll
2009-01-27 16:37:54 ----A---- C:\Windows\system32\CreateLog.dll
2009-01-27 16:37:53 ----A---- C:\Windows\system32\ConTest.dll
2009-01-27 16:36:00 ----D---- C:\Users\Dan\AppData\Roaming\InstallShield
2009-01-25 15:44:04 ----D---- C:\Users\Dan\AppData\Roaming\winpt
2009-01-25 15:43:58 ----D---- C:\Users\Dan\AppData\Roaming\GnuPT
2009-01-25 15:43:58 ----D---- C:\Users\Dan\AppData\Roaming\gnupg
2009-01-25 15:43:58 ----D---- C:\Program Files\GnuPT

======List of files/folders modified in the last 2 months======

2009-03-24 01:02:20 ----D---- C:\Windows\Temp
2009-03-24 01:01:21 ----D---- C:\ProgramData\NCH Swift Sound
2009-03-24 00:59:56 ----RD---- C:\Program Files
2009-03-24 00:58:04 ----D---- C:\Users\Dan\AppData\Roaming\.purple
2009-03-23 22:16:16 ----D---- C:\Windows\Prefetch
2009-03-23 22:14:46 ----D---- C:\Users\Dan\AppData\Roaming\Hamachi
2009-03-23 21:15:58 ----D---- C:\Program Files\Steam
2009-03-23 21:12:56 ----D---- C:\Windows\tracing
2009-03-23 21:12:48 ----D---- C:\Windows\System32
2009-03-23 21:12:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-23 21:12:25 ----D---- C:\Windows\inf
2009-03-23 20:25:09 ----D---- C:\Windows
2009-03-23 00:10:38 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 22:10:57 ----A---- C:\Windows\ntbtlog.txt
2009-03-22 22:00:13 ----D---- C:\Windows\system32\LogFiles
2009-03-22 21:43:16 ----D---- C:\Windows\Minidump
2009-03-22 11:36:52 ----SHD---- C:\System Volume Information
2009-03-22 10:47:18 ----D---- C:\ProgramData\avg8
2009-03-22 00:12:19 ----D---- C:\Windows\system32\Msdtc
2009-03-22 00:12:17 ----D---- C:\Windows\system32\wbem
2009-03-22 00:11:31 ----D---- C:\Windows\system32\config
2009-03-22 00:11:24 ----D---- C:\Windows\Tasks
2009-03-22 00:11:24 ----D---- C:\Windows\system32\spool
2009-03-22 00:11:24 ----D---- C:\Windows\system32\catroot2
2009-03-22 00:11:24 ----D---- C:\Windows\registration
2009-03-21 16:28:12 ----D---- C:\Users\Dan\AppData\Roaming\Mozilla
2009-03-21 16:09:43 ----D---- C:\Program Files\StepMania
2009-03-20 18:02:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-20 03:00:31 ----SHD---- C:\Windows\Installer
2009-03-18 23:22:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-18 23:12:09 ----AD---- C:\ProgramData\TEMP
2009-03-18 11:06:39 ----D---- C:\Windows\system32\drivers
2009-03-18 11:06:38 ----D---- C:\Windows\system32\catroot
2009-03-18 11:05:32 ----HD---- C:\ProgramData
2009-03-18 11:02:04 ----D---- C:\Program Files\Windows Live
2009-03-18 11:00:51 ----RSD---- C:\Windows\assembly
2009-03-18 11:00:31 ----D---- C:\Windows\winsxs
2009-03-18 10:52:16 ----SD---- C:\ProgramData\Microsoft
2009-03-18 10:52:16 ----D---- C:\Program Files\Common Files
2009-03-17 22:07:18 ----D---- C:\Windows\system32\Tasks
2009-03-17 07:15:05 ----D---- C:\Users\Dan\AppData\Roaming\Skype
2009-03-17 00:05:30 ----D---- C:\Users\Dan\AppData\Roaming\skypePM
2009-03-15 22:29:26 ----D---- C:\Users\Dan\AppData\Roaming\gtk-2.0
2009-03-15 14:04:20 ----D---- C:\Program Files\NCH Swift Sound
2009-03-07 21:51:08 ----D---- C:\Users\Dan\AppData\Roaming\mIRC
2009-03-07 16:10:22 ----D---- C:\Program Files\mIRC
2009-03-05 01:08:34 ----D---- C:\Program Files\Common Files\microsoft shared
2009-03-03 18:57:04 ----D---- C:\Windows\Microsoft.NET
2009-03-03 18:14:51 ----D---- C:\Windows\rescache
2009-03-03 17:57:34 ----D---- C:\Windows\system32\en-US
2009-03-03 17:57:34 ----D---- C:\Windows\PolicyDefinitions
2009-03-03 17:57:28 ----D---- C:\Windows\ehome
2009-03-03 17:57:24 ----D---- C:\Program Files\Windows Media Player
2009-03-03 17:38:15 ----D---- C:\Program Files\Windows Mail
2009-03-03 16:47:26 ----SD---- C:\Windows\Downloaded Program Files
2009-03-03 16:22:52 ----D---- C:\Program Files\vghd
2009-03-01 21:23:52 ----HDC---- C:\$AVG8.VAULT$
2009-03-01 21:12:25 ----D---- C:\Program Files\Applications
2009-02-25 12:55:00 ----A---- C:\Windows\system32\mrt.exe
2009-02-22 18:39:34 ----D---- C:\Program Files\Safari
2009-02-21 01:28:52 ----D---- C:\Windows\ShellNew
2009-02-20 23:12:25 ----D---- C:\Program Files\Internet Explorer
2009-02-15 20:44:15 ----D---- C:\Users\Dan\AppData\Roaming\Ventrilo
2009-02-12 21:55:25 ----A---- C:\Windows\system32\avgrsstx.dll
2009-02-12 21:47:14 ----D---- C:\Program Files\Hamachi
2009-01-31 21:51:15 ----D---- C:\Program Files\Savage 2 - A Tortured Soul
2009-01-31 20:49:03 ----D---- C:\Windows\Logs
2009-01-28 19:50:54 ----D---- C:\Program Files\DivX
2009-01-27 16:37:51 ----HD---- C:\Program Files\InstallShield Installation Information
  #9  
Old March 24th, 2009, 07:23 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-02-12 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-02-12 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-02-12 107272]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-10-28 32304]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-06 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-06 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-06 37376]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-10-28 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-10-28 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-10-28 857392]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-05-04 164400]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-12 1044984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-12 25280]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 2016256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-11-12 330240]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-10-28 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys []
S3 aauzbynt;aauzbynt; C:\Windows\system32\drivers\aauzbynt.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-12 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-12 298264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-02-20 28762]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-11-12 102400]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-28 326192]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-12 24064]
S2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe -d C:\Program Files\VMware\VMware Player\\ -s ufad-p2v.xml []
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-27 655624]
S4 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
S4 NoIPDUCService;NoIPDUCService; C:\Users\Dan\AppData\Local\Temp\Rar$EX07.012\DUC.exe -service []
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-22 87288]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S4 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-28 399920]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]

-----------------EOF-----------------
  #10  
Old March 24th, 2009, 07:25 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Info.txt:
info.txt logfile of random's system information tool 1.06 2009-03-24 01:02:43

======Uninstall list======

Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battery Doubler 1.2.1-->"C:\Program Files\Dachshund Software\Battery Doubler\Uninstall.exe" "C:\Program Files\Dachshund Software\Battery Doubler\install.log"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BroadWave-->C:\Program Files\NCH Swift Sound\BroadWave\uninst.exe
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Computer Alarm Clock-->C:\PROGRA~1\COMPUT~1\UNWISE.EXE C:\PROGRA~1\COMPUT~1\INSTALL.LOG
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike Source-->C:\Windows\unvise32.exe C:\PROGRA~1\Valve\Counter-Strike Source\uninstal.log
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Darwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1502
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diagnostic System for Sound Fields Version 5E-->MsiExec.exe /X{789D6E58-8E97-437B-8910-6A309ADAFB4C}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-lab PRO 2.5-->"C:\Program Files\DVDlabPro2\unins000.exe"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Epidemic 1.0-->"C:\Program Files\Epidemic\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Freecorder Toolbar 3.02 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freenet 0.7.0 "Darknet"-->"C:\Program Files\Freenet\uninstaller\uninstall.cmd"
Gamevance-->C:\Program Files\Gamevance\gvun.exe
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GetAnonymous 2.1 Personal-->MsiExec.exe /I{CC0D9C60-1AA7-421A-8E8E-E4B44A3F49D3}
GnuPT Version 3.6.3-->"C:\Program Files\GnuPT\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hacker Evolution (1.00.0091) (remove only)-->"C:\Program Files\Hacker Evolution\uninstall.exe"
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life Dedicated Server Update Tool-->C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hide IP Platinum 3.5-->"C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IEBrowse Tool-->"C:\Program Files\Applications\iebtu.exe"
IExplorer Bar-->"C:\Program Files\Applications\iebu.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jing-->MsiExec.exe /I{97F77B0E-DB04-4417-936C-73DDA5CDE5E1}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Messenger Bot 2008 [Expired Edition]-->C:\Program Files\Messenger Bot 2008\uninstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metasploit Framework 3.1-->C:\Program Files\Metasploit\Framework3\uninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MixPad-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
MorphVOX Pro-->MsiExec.exe /I{EAE4DC26-7D66-4DA6-821B-2B015C6607F7}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
My Web Search (IWON)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
NavNet-->"C:\Program Files\NavNet\unins000.exe"
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NetBus Pro-->C:\Windows\IsUninst.exe -f"C:\Program Files\NetBus Pro\Uninst.isu" -c"C:\Program Files\NetBus Pro\NBUninst.dll"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nmap 4.50-->"C:\Program Files\Nmap\uninstall.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
NudgeMania 4.0 for Messenger-->C:\Program Files\NudgeMania\uninstall.exe
openCanvas4.5.09e Plus-->MsiExec.exe /X{A2E23800-051D-4F35-8169-85F5739A04C5}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC SpeedScan Pro-->C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Portal: The First Slice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/410
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
PTFB Pro 3.5.2.0-->"C:\Program Files\Technology Lighthouse\PTFB Pro\unins000.exe"
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QK SMTP Server 3-->C:\PROGRA~1\QKSMTP~1\UNWISE.EXE C:\PROGRA~1\QKSMTP~1\INSTALL.LOG
Quake 3 Arena-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2200
Quake 3 Team Arena-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2350
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
Replay AV 8-->C:\Windows\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
Replay Converter 3-->"C:\Windows\Replay Converter 3\uninstall.exe" "/U:C:\Program Files\Replay Converter 3\Uninstall\ReplayConverrter3Uninstall.xml"
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScreenStream-->C:\Program Files\NCH Software\ScreenStream\uninst.exe
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Tube Increaser-->MsiExec.exe /I{5492EC47-EADA-41FA-955F-5C0B488F1170}
Unreal Tournament 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13210
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Warning Center-->"C:\Program Files\Applications\wcu.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Movie Maker Beta-->MsiExec.exe /X{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.0.5-->"C:\Program Files\Wireshark\uninstall.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WoW UI Designer-->MsiExec.exe /I{880C837C-C37D-4F2F-B7AC-0E3367B666BC}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{1193600A-134F-40F9-9F71-FEF54C93C629}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-22]
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing) [2009-03-22]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZLman000 [2009-03-22]
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing) [2009-03-22]
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe [2009-03-22]
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-03-22]
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-22]
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe [2009-03-22]
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe [2009-03-22]
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing) [2009-03-22]
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing) [2009-03-22]
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe [2009-03-22]

Last edited by DHansen; March 24th, 2009 at 07:32 AM.
  #11  
Old March 24th, 2009, 07:26 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
======Hosts File======



======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: Steve
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 27181
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140223.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 27183
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140226.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 40004
Message:
Record Number: 27185
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140233.000000-000
Event Type: Warning
User:

Computer Name: Steve
Event Code: 40004
Message:
Record Number: 27187
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140238.000000-000
Event Type: Warning
User:

Computer Name: Steve
Event Code: 6008
Message: The previous system shutdown at 8:02:35 AM on 12/26/2008 was unexpected.
Record Number: 27196
Source Name: EventLog
Time Written: 20081226151657.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Steve
Event Code: 1000
Message: Faulting application avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, faulting module avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, exception code 0xc0000005, fault offset 0x00024d17, process id 0x12c4, application start time 0x01c9ac3fae57547c.
Record Number: 14304
Source Name: Application Error
Time Written: 20090324051627.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 1000
Message: Faulting application avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, faulting module avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, exception code 0xc0000005, fault offset 0x00024d17, process id 0x1420, application start time 0x01c9ac3fb31a33bc.
Record Number: 14305
Source Name: Application Error
Time Written: 20090324051634.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.
.
Record Number: 14306
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090324052145.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk.
.
Record Number: 14307
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090324053044.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 482
Message: wuaueng.dll (1132) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 12288 (0x00003000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Record Number: 14308
Source Name: ESENT
Time Written: 20090324053855.000000-000
Event Type: Error
User:
=====Security event log=====

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19951
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.898575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19952
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.931575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19953
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.963575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19954
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.995575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19955
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060238.027575-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
  #12  
Old March 24th, 2009, 11:33 PM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
There are some traces of parasites but I am not convinced your problem is malware related. Who installed the below software and what do you use it for?

NetBus Pro
  #13  
Old March 25th, 2009, 12:43 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
I have no idea who installed it and what it does :/
  #14  
Old March 25th, 2009, 01:18 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
There is a load of junk showing in your uninstall list. How about going through the list and uninstalling the software you don't use from Programs and Features in Control Panel? Make sure you uninstall all of the below programs when you do this.

IEBrowse Tool
IExplorer Bar
My Web Search
NetBus Pro

When you have done this, make sure you have rebooted and run Hijack This again but this time, Click on Config > Misc Tools > Open Uninstall Manager and click on Save List. Save the log to your Desktop and then post it in this thread.
  #15  
Old March 25th, 2009, 02:51 AM
DHansen DHansen is offline
Member
 
Join Date: Mar 2009
Posts: 36
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AIM 6
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AutoHotkey 1.0.47.06
AVG Free 8.0
Bonjour
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Counter-Strike Source
Counter-Strike: Source
Darwinia Demo
Day of Defeat: Source
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Diagnostic System for Sound Fields Version 5E
Digital Line Detect
DivX Codec
DivX Web Player
DVD-lab PRO 2.5
EDocs
Epidemic 1.0
Express Burn
Fraps (remove only)
Freecorder Toolbar 3.02 Application
Gamevance
Garry's Mod
GnuPT Version 3.6.3
Hacker Evolution (1.00.0091) (remove only)
Half-Life 2
Hamachi 1.0.3.0
Hide IP Platinum 3.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL Download Manager
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
kuler
LIVE gaming on Windows Runtime Version 1.0.6027
Logitech QuickCam
ManyCam 2.3 (remove only)
MediaDirect
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
mIRC
MorphVOX Pro
MSVCRT
MSXML 4.0 SP2 (KB954430)
Music, Photos & Videos Launcher
NetWaiting
openCanvas4.5.09e Plus
OpenOffice.org Installer 1.0
OutlookAddinSetup
Photoshop Camera Raw
Pidgin
PoiZone
Portal: The First Slice
Product Documentation Launcher
PTFB Pro 3.5.2.0
Python 2.5.2
Python 2.6
QK SMTP Server 3
Quake 3 Arena
Quake 3 Team Arena
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
ScreenStream
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ Beta 4.0
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Steam
StepMania (remove only)
Suite Shared Configuration CS4
Team Fortress 2
TextPad 5
Unreal Tournament 3
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6i
VirtualCloneDrive
VMware Player
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Wireshark 1.0.5
World of Warcraft
WoW UI Designer