Windows Vista Problem solving for the Windows Vista Operating System. Please remember to state which edition of Vista you are using - Home Basic, Home Premium, Business, Ultimate etc. and whether you are using the 32-bit or 64-bit version if you know.
#1
HDD Memory Eating Virus (Moved from Cyber Safety Forum)
Hello. I currently have a virus that makes my C:\ drive's memory full. I deleted at least 16 gigs of things that I did not use last night, and when I woke up this morning it was back up to full. I currently cannot scan with AVG because when I start the scan the app crashes.
When I download HijackThis and try to install it, I just get a black CMD screen popping up then closing. Any help?
#2
Got it to work!
Bump!
#3
Any help?
It really sucks because I cannot run anything other than Chrome and Pidgin :/
#4
No idea what to do, AnnMarie? ;_;
#5
Hi DHansen. I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer-to-peer software installed on their computers (and this includes BitTorrent software), so if you want my help, please uninstall any such programs now and reboot.
When you have done this, download Random's System Information Tool (RSIT) from here and save it to your desktop. Double-click on RSIT.exe to run it. Your computer will be scanned and once the scan has finished, two logs will open. Please post the contents of both (log.txt will be maximized and info.txt will be minimized) in this topic. You can also find the logs in the C:\rsit folder. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them. Please do not run any programs other than those that I suggest or install any new software while I am helping you.
#6
#7
Hi DHansen. I know it is time-consuming, but I need the contents of both logs posted in this topic. I need to constantly compare logs and I don't have the time to keep opening links to do this.
I am logging out now but I will check this topic later on.
#8
Log:
#9
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
#10
|
|||
|
|||
Info.txt:
info.txt logfile of random's system information tool 1.06 2009-03-24 01:02:43

======Uninstall list======

Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battery Doubler 1.2.1-->"C:\Program Files\Dachshund Software\Battery Doubler\Uninstall.exe" "C:\Program Files\Dachshund Software\Battery Doubler\install.log"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BroadWave-->C:\Program Files\NCH Swift Sound\BroadWave\uninst.exe
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Computer Alarm Clock-->C:\PROGRA~1\COMPUT~1\UNWISE.EXE C:\PROGRA~1\COMPUT~1\INSTALL.LOG
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike Source-->C:\Windows\unvise32.exe C:\PROGRA~1\Valve\Counter-Strike Source\uninstal.log
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Darwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1502
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diagnostic System for Sound Fields Version 5E-->MsiExec.exe /X{789D6E58-8E97-437B-8910-6A309ADAFB4C}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-lab PRO 2.5-->"C:\Program Files\DVDlabPro2\unins000.exe"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Epidemic 1.0-->"C:\Program Files\Epidemic\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Freecorder Toolbar 3.02 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
Freenet 0.7.0 "Darknet"-->"C:\Program Files\Freenet\uninstaller\uninstall.cmd"
Gamevance-->C:\Program Files\Gamevance\gvun.exe
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GetAnonymous 2.1 Personal-->MsiExec.exe /I{CC0D9C60-1AA7-421A-8E8E-E4B44A3F49D3}
GnuPT Version 3.6.3-->"C:\Program Files\GnuPT\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
Grand Chase-->C:\Ntreev\Grand Chase\uninst.exe
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hacker Evolution (1.00.0091) (remove only)-->"C:\Program Files\Hacker Evolution\uninstall.exe"
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life Dedicated Server Update Tool-->C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hide IP Platinum 3.5-->"C:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IEBrowse Tool-->"C:\Program Files\Applications\iebtu.exe"
IExplorer Bar-->"C:\Program Files\Applications\iebu.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jing-->MsiExec.exe /I{97F77B0E-DB04-4417-936C-73DDA5CDE5E1}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Messenger Bot 2008 [Expired Edition]-->C:\Program Files\Messenger Bot 2008\uninstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metasploit Framework 3.1-->C:\Program Files\Metasploit\Framework3\uninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MixPad-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
MorphVOX Pro-->MsiExec.exe /I{EAE4DC26-7D66-4DA6-821B-2B015C6607F7}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
My Web Search (IWON)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
NavNet-->"C:\Program Files\NavNet\unins000.exe"
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NetBus Pro-->C:\Windows\IsUninst.exe -f"C:\Program Files\NetBus Pro\Uninst.isu" -c"C:\Program Files\NetBus Pro\NBUninst.dll"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nmap 4.50-->"C:\Program Files\Nmap\uninstall.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
NudgeMania 4.0 for Messenger-->C:\Program Files\NudgeMania\uninstall.exe
openCanvas4.5.09e Plus-->MsiExec.exe /X{A2E23800-051D-4F35-8169-85F5739A04C5}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC SpeedScan Pro-->C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Portal: The First Slice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/410
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
PTFB Pro 3.5.2.0-->"C:\Program Files\Technology Lighthouse\PTFB Pro\unins000.exe"
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QK SMTP Server 3-->C:\PROGRA~1\QKSMTP~1\UNWISE.EXE C:\PROGRA~1\QKSMTP~1\INSTALL.LOG
Quake 3 Arena-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2200
Quake 3 Team Arena-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2350
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
Replay AV 8-->C:\Windows\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
Replay Converter 3-->"C:\Windows\Replay Converter 3\uninstall.exe" "/U:C:\Program Files\Replay Converter 3\Uninstall\ReplayConverrter3Uninstall.xml"
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScreenStream-->C:\Program Files\NCH Software\ScreenStream\uninst.exe
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Tube Increaser-->MsiExec.exe /I{5492EC47-EADA-41FA-955F-5C0B488F1170}
Unreal Tournament 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13210
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Warning Center-->"C:\Program Files\Applications\wcu.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Movie Maker Beta-->MsiExec.exe /X{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.0.5-->"C:\Program Files\Wireshark\uninstall.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WoW UI Designer-->MsiExec.exe /I{880C837C-C37D-4F2F-B7AC-0E3367B666BC}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{1193600A-134F-40F9-9F71-FEF54C93C629}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-22]
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing) [2009-03-22]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZLman000 [2009-03-22]
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing) [2009-03-22]
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe [2009-03-22]
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-03-22]
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-03-22]
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe [2009-03-22]
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe [2009-03-22]
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-authd.exe (file missing) [2009-03-22]
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Program Files\VMware\VMware Player\vmware-ufad.exe (file missing) [2009-03-22]
O23 - Service: VRS Recording System (VRSService) - NCH Software - C:\Program Files\NCH Swift Sound\VRS\vrs.exe [2009-03-22]

Last edited by DHansen; March 24th, 2009 at 07:32 AM.
#11
|
|||
|
|||
======Hosts File======
======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: Steve
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 27181
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140223.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 31004
Message: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 27183
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140226.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 40004
Message:
Record Number: 27185
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140233.000000-000
Event Type: Warning
User:

Computer Name: Steve
Event Code: 40004
Message:
Record Number: 27187
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20081226140238.000000-000
Event Type: Warning
User:

Computer Name: Steve
Event Code: 6008
Message: The previous system shutdown at 8:02:35 AM on 12/26/2008 was unexpected.
Record Number: 27196
Source Name: EventLog
Time Written: 20081226151657.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Steve
Event Code: 1000
Message: Faulting application avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, faulting module avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, exception code 0xc0000005, fault offset 0x00024d17, process id 0x12c4, application start time 0x01c9ac3fae57547c.
Record Number: 14304
Source Name: Application Error
Time Written: 20090324051627.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 1000
Message: Faulting application avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, faulting module avgscanx.exe, version 8.0.0.228, time stamp 0x4950db5a, exception code 0xc0000005, fault offset 0x00024d17, process id 0x1420, application start time 0x01c9ac3fb31a33bc.
Record Number: 14305
Source Name: Application Error
Time Written: 20090324051634.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. .
Record Number: 14306
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090324052145.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: There is not enough space on the disk. .
Record Number: 14307
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090324053044.000000-000
Event Type: Error
User:

Computer Name: Steve
Event Code: 482
Message: wuaueng.dll (1132) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 12288 (0x00003000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Record Number: 14308
Source Name: ESENT
Time Written: 20090324053855.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19951
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.898575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19952
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.931575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19953
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.963575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19954
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060237.995575-000
Event Type: Audit Failure
User:

Computer Name: Steve
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 19955
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090324060238.027575-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
#12
|
||||
|
||||
There are some traces of parasites but I am not convinced your problem is malware related. Who installed the below software and what do you use it for?
NetBus Pro |
#13
|
|||
|
|||
I have no idea who installed it and what it does :/
|
#14
|
||||
|
||||
There is a load of junk showing in your uninstall list. How about going through the list and uninstalling the software you don't use from Programs and Features in Control Panel? Make sure you uninstall all of the below programs when you do this.
IEBrowse Tool
IExplorer Bar
My Web Search
NetBus Pro
When you have done this, make sure you have rebooted and run Hijack This again, but this time click on Config > Misc Tools > Open Uninstall Manager and click on Save List. Save the log to your Desktop and then post it in this thread.
#15
|
|||
|
|||
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AIM 6
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AutoHotkey 1.0.47.06
AVG Free 8.0
Bonjour
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
Counter-Strike Source
Counter-Strike: Source
Darwinia Demo
Day of Defeat: Source
Dell Support Center
Dell Touchpad
Dell Wireless WLAN Card
Diagnostic System for Sound Fields Version 5E
Digital Line Detect
DivX Codec
DivX Web Player
DVD-lab PRO 2.5
EDocs
Epidemic 1.0
Express Burn
Fraps (remove only)
Freecorder Toolbar 3.02 Application
Gamevance
Garry's Mod
GnuPT Version 3.6.3
Hacker Evolution (1.00.0091) (remove only)
Half-Life 2
Hamachi 1.0.3.0
Hide IP Platinum 3.5
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL Download Manager
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
kuler
LIVE gaming on Windows Runtime Version 1.0.6027
Logitech QuickCam
ManyCam 2.3 (remove only)
MediaDirect
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
mIRC
MorphVOX Pro
MSVCRT
MSXML 4.0 SP2 (KB954430)
Music, Photos & Videos Launcher
NetWaiting
openCanvas4.5.09e Plus
OpenOffice.org Installer 1.0
OutlookAddinSetup
Photoshop Camera Raw
Pidgin
PoiZone
Portal: The First Slice
Product Documentation Launcher
PTFB Pro 3.5.2.0
Python 2.5.2
Python 2.6
QK SMTP Server 3
Quake 3 Arena
Quake 3 Team Arena
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
ScreenStream
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Skype™ Beta 4.0
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Steam
StepMania (remove only)
Suite Shared Configuration CS4
Team Fortress 2
TextPad 5
Unreal Tournament 3
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6i
VirtualCloneDrive
VMware Player
WavePad Sound Editor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Wireshark 1.0.5
World of Warcraft
WoW UI Designer
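A way to confirm that the request in post #14 was carried out, as an added example that is not part of the thread: it parses an RSIT-style uninstall section and a saved name list, then reports which of the four named programs still appear and which entries were removed. The sample lists are constructed from a few entries in the thread, and the formats (one `Name-->command` entry per line for RSIT, one name per line for the saved list) and all function names are assumptions.

```python
import re

# Programs the helper asked to have removed, spelled as in the thread.
REQUIRED_REMOVALS = ["IEBrowse Tool", "IExplorer Bar", "My Web Search", "NetBus Pro"]

# Constructed sample: a few entries in RSIT's "Name-->uninstall command" form.
BEFORE_RSIT = r'''======Uninstall list======
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
IEBrowse Tool-->"C:\Program Files\Applications\iebtu.exe"
IExplorer Bar-->"C:\Program Files\Applications\iebu.exe"
My Web Search (IWON)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O
NetBus Pro-->C:\Windows\IsUninst.exe -f"C:\Program Files\NetBus Pro\Uninst.isu"
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator DE-->C:\ProgramData\Uninstall\setup.exe /x
Wireshark 1.0.5-->"C:\Program Files\Wireshark\uninstall.exe"
=====HijackThis Backups=====
O2 - BHO: mwsBar BHO - (no file)
'''

# Constructed follow-up lists, one display name per line.
AFTER_CLEAN = "AVG Free 8.0\nRoxio Creator DE\nRoxio Creator DE\nWireshark 1.0.5\n"
AFTER_LEFTOVER = "AVG Free 8.0\nmy web search (IWON)\nRoxio Creator DE\nWireshark 1.0.5\n"


def _key(name):
    """Normalise a display name: collapse whitespace, ignore case."""
    return re.sub(r"\s+", " ", name).strip().casefold()


def parse_rsit_uninstall(text):
    """Return display names from the 'Uninstall list' section only."""
    names, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):          # section header such as ======...======
            in_section = "uninstall list" in line.casefold()
            continue
        if in_section and "-->" in line:
            names.append(line.partition("-->")[0].strip())
    return names


def parse_name_list(text):
    """Return the non-empty lines of a plain one-name-per-line list."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def leftovers(required, installed):
    """Map each required removal to the installed entries that still match it.

    Prefix matching is used because the installed name can carry a suffix,
    e.g. the helper wrote "My Web Search" but the entry is "My Web Search (IWON)".
    """
    found = {}
    for req in required:
        hits = [n for n in installed if _key(n).startswith(_key(req))]
        if hits:
            found[req] = hits
    return found


def removed(before, after):
    """Names present before and absent after, in original order, de-duplicated."""
    remaining = {_key(n) for n in after}
    out = []
    for name in before:
        if _key(name) not in remaining and name not in out:
            out.append(name)
    return out


def review(before_text, after_text):
    before = parse_rsit_uninstall(before_text)
    after = parse_name_list(after_text)
    return {"leftovers": leftovers(REQUIRED_REMOVALS, after),
            "removed": removed(before, after)}


if __name__ == "__main__":
    for label, after in (("clean", AFTER_CLEAN), ("leftover", AFTER_LEFTOVER)):
        print(label, review(BEFORE_RSIT, after))
```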