Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old October 29th, 2008, 05:11 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
Could someone check a Hijackthis log

I just spent two afternoon's cleaning a friend's PC. It was a mess that started with Malwarrior and then got worse. AVG, Spybot and Malwarebyte's have finally come up clean. I hasn't worked since 06 so I've done all the MS updates also. I've gone in and manually cleaned out everything that was left over I could find. The only thing I don't know about is an entry for "backweb for hp". I thought backweb was bad. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:33 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\??pPatch\c?rss.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasyshare...DORIGIN=SKU110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, \s,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: (no name) - {F92A8F98-AE62-4897-9DC2-E31EC007456D} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Cxhjvv] C:\WINDOWS\system32\??pPatch\c?rss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{7C44673F-0BF9-1033-0216-050823200001}] "C:\Program Files\Common Files\{7C44673F-0BF9-1033-0216-050823200001}\Update.exe" te-110-12-0000132
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: awtqpmk - awtqpmk.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8113 bytes
Reply With Quote
  #2  
Old October 30th, 2008, 03:30 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Hello Sapper2ID,


Some serious infection showing active there. Let's get more details to start repairs from.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
Reply With Quote
  #3  
Old October 30th, 2008, 10:21 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
Thanks, this is why you ask the experts.

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-10-30 14:15:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (75%) free of 184 GB
Total RAM: 503 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:51 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\WINDOWS\system32\??pPatch\c?rss.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasyshare...DORIGIN=SKU110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, \s,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: (no name) - {F92A8F98-AE62-4897-9DC2-E31EC007456D} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Cxhjvv] C:\WINDOWS\system32\??pPatch\c?rss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [{7C44673F-0BF9-1033-0216-050823200001}] "C:\Program Files\Common Files\{7C44673F-0BF9-1033-0216-050823200001}\Update.exe" te-110-12-0000132
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: awtqpmk - awtqpmk.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
Reply With Quote
  #4  
Old October 30th, 2008, 10:22 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8132 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP Usg Daily.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll [2008-10-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{F92A8F98-AE62-4897-9DC2-E31EC007456D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{6E90A503-DDFD-4CC5-9628-0391A05E7212}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe [2006-03-08 48280]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-03-27 126104]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-28 590848]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2007-08-02 68856]
"Cxhjvv"=C:\WINDOWS\system32\??pPatch\c?rss.ex e [2008-09-30 230400]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run]
"{7C44673F-0BF9-1033-0216-050823200001}"=C:\Program Files\Common Files\{7C44673F-0BF9-1033-0216-050823200001}\Update.exe te-110-12-0000132 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHBu tton.exe [2005-03-10 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-18 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe [2004-05-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe [2004-05-04 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2004-03-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-10-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe [2004-10-25 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-03-10 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~ 1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE [2005-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="iSecurity.cpl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqpmk]
awtqpmk.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ddaby.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\1151045508\EE\aim6.exe"="C:\Program Files\Common Files\AOL\1151045508\EE\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealP layer"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.e xe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr .exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe "
"C:\Program Files\Namo\WebEditor 6\bin\WebEditor.exe"="C:\Program Files\Namo\WebEditor 6\bin\WebEditor.exe:*:Enabled:Namo WebEditor 6.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\yqkolvqr.exe"="C:\WINDOWS\sys tem32\yqk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*isabled:Bonjour "
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*isabled:Earthlink"
"C:\Documents and Settings\HP_Owner\bjryd.exe"="C:\Documents and Settings\HP_Owner\bjryd.exe:*isabled:ENABLE"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\syst em32\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Prog ram Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled :AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1151045508\EE\AOLServiceHost.exe"="C:\Pr ogram Files\Common Files\AOL\1151045508\EE\AOLServiceHost.exe:*:Enabl ed:AOL"
"C:\Program Files\Common Files\AOL\1139285104\EE\AOLServiceHost.exe"="C:\Pr ogram Files\Common Files\AOL\1139285104\EE\AOLServiceHost.exe:*:Enabl ed:AOL"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\1151045508\EE\aolsoftware.exe"="C:\Progr am Files\Common Files\AOL\1151045508\EE\aolsoftware.exe:*:Enabled: AOL Services"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLT opSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLT sMon"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles% \iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2008-10-30 14:14:08 ----D---- C:\rsit
2008-10-28 21:36:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-28 21:27:13 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-10-28 21:26:25 ----D---- C:\Program Files\OpenOffice.org 2.3 Installation Files
2008-10-28 21:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-28 18:33:26 ----D---- C:\Program Files\FLV Player
2008-10-28 18:32:57 ----D---- C:\Program Files\Defraggler
2008-10-28 18:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-28 18:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-28 18:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-28 18:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-28 18:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-28 18:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-28 18:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-28 18:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-28 18:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-28 18:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-28 18:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-28 18:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-28 18:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-28 18:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-28 18:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-28 18:07:38 ----D---- C:\WINDOWS\system32\scripting
2008-10-28 18:07:37 ----D---- C:\WINDOWS\l2schemas
2008-10-28 18:07:36 ----D---- C:\WINDOWS\system32\bits
2008-10-28 18:04:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-28 17:58:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-28 17:58:44 ----D---- C:\WINDOWS\EHome
2008-10-28 17:52:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-28 17:52:32 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-28 17:52:30 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-28 17:52:30 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-28 17:52:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-28 17:52:23 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-28 17:52:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-28 17:52:17 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-28 17:52:16 ----N---- C:\WINDOWS\slrundll.exe
2008-10-28 17:52:15 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-28 17:52:12 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-28 17:52:11 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-28 17:52:10 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-28 17:52:09 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-28 17:52:08 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-28 17:52:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-28 17:52:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-28 17:52:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-28 17:52:05 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-28 17:52:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-28 17:52:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-28 17:51:56 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-28 17:51:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-28 17:51:54 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-28 17:51:52 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-28 17:51:52 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-28 17:51:39 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\mmcex.dll
Reply With Quote
  #5  
Old October 30th, 2008, 10:23 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dl l
2008-10-28 17:51:36 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-28 17:51:28 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-28 17:51:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-28 17:51:26 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-28 17:51:17 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-28 17:51:11 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-10-28 17:51:11 ----A---- C:\WINDOWS\002734_.tmp
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-28 17:51:06 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-28 17:51:01 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-28 17:50:55 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-28 17:50:54 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-28 17:50:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-28 17:50:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-28 17:50:46 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-28 17:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-28 17:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-28 17:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-28 17:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-28 17:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-28 17:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-28 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-28 17:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-28 17:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-28 17:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-28 17:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-28 17:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-28 17:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-28 17:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-28 17:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-28 17:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-28 17:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-28 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-28 00:58:24 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-28 00:23:58 ----RHD---- C:\$VAULT$.AVG
2008-10-28 00:14:20 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-10-28 00:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-28 00:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-27 23:59:15 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-10-27 23:58:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 22:05:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 22:05:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 22:01:25 ----D---- C:\Program Files\Trend Micro
2008-10-27 22:00:54 ----D---- C:\Program Files\SpywareBlaster
2008-10-24 18:03:20 ----D---- C:\Program Files\CCleaner
2008-10-24 17:28:55 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2008-10-30 14:12:34 ----D---- C:\WINDOWS\Temp
2008-10-30 14:12:33 ----D---- C:\WINDOWS
2008-10-28 22:02:25 ----SHD---- C:\System Volume Information
2008-10-28 22:02:25 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 22:01:14 ----D---- C:\Program Files
2008-10-28 21:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-28 21:59:02 ----D---- C:\WINDOWS\system32
2008-10-28 21:56:08 ----HD---- C:\WINDOWS\inf
2008-10-28 21:56:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-28 21:56:08 ----D---- C:\WINDOWS\system32\drivers
2008-10-28 21:47:36 ----D---- C:\WINDOWS\pss
2008-10-28 21:28:40 ----SHD---- C:\WINDOWS\Installer
2008-10-28 21:28:36 ----HD---- C:\Config.Msi
2008-10-28 21:27:43 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 21:25:28 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 21:18:00 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-28 21:17:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-28 21:16:59 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-28 21:16:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-28 21:07:12 ----D---- C:\WINDOWS\Prefetch
2008-10-28 21:04:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 20:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-28 20:15:43 ----D---- C:\Program Files\Common Files
2008-10-28 19:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 18:51:33 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Lavasoft
2008-10-28 18:47:42 ----D---- C:\WINDOWS\pchealth
2008-10-28 18:47:42 ----D---- C:\Program Files\MSN Messenger
2008-10-28 18:47:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-28 18:43:15 ----D---- C:\Program Files\Microsoft Office
2008-10-28 18:43:08 ----D---- C:\Program Files\Common Files\System
2008-10-28 18:42:13 ----A---- C:\WINDOWS\win.ini
2008-10-28 18:37:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 18:26:40 ----D---- C:\WINDOWS\Debug
2008-10-28 18:21:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 18:18:44 ----D---- C:\WINDOWS\system32\Setup
2008-10-28 18:18:44 ----D---- C:\WINDOWS\ime
2008-10-28 18:18:44 ----D---- C:\WINDOWS\AppPatch
2008-10-28 18:18:43 ----D---- C:\WINDOWS\system32\wbem
2008-10-28 18:18:05 ----D---- C:\WINDOWS\security
2008-10-28 18:13:18 ----D---- C:\Program Files\Messenger
2008-10-28 18:07:58 ----D---- C:\WINDOWS\WinSxS
2008-10-28 18:07:52 ----D---- C:\WINDOWS\network diagnostic
2008-10-28 18:07:51 ----D---- C:\WINDOWS\Help
2008-10-28 18:07:39 ----D---- C:\WINDOWS\system32\usmt
2008-10-28 18:07:39 ----D---- C:\WINDOWS\system32\en-US
2008-10-28 18:07:37 ----AD---- C:\WINDOWS\system32\en
2008-10-28 18:07:36 ----D---- C:\WINDOWS\PeerNet
2008-10-28 18:07:36 ----D---- C:\Program Files\Movie Maker
2008-10-28 18:04:51 ----D---- C:\WINDOWS\system32\npp
2008-10-28 18:04:50 ----D---- C:\WINDOWS\msagent
2008-10-28 18:04:49 ----D---- C:\WINDOWS\srchasst
2008-10-28 18:04:48 ----D---- C:\Program Files\NetMeeting
2008-10-28 18:04:47 ----D---- C:\WINDOWS\system32\Com
2008-10-28 18:04:45 ----D---- C:\Program Files\Windows Media Player
2008-10-28 18:04:44 ----D---- C:\Program Files\Windows NT
2008-10-28 18:04:44 ----D---- C:\Program Files\Outlook Express
2008-10-28 18:04:29 ----D---- C:\WINDOWS\system32\oobe
2008-10-28 18:04:27 ----D---- C:\WINDOWS\system
2008-10-28 18:02:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-28 17:04:36 ----D---- C:\Program Files\Internet Explorer
2008-10-28 10:59:51 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-10-28 10:56:54 ----D---- C:\Program Files\Online Services
2008-10-28 10:39:26 ----D---- C:\Program Files\Common Files\{7C44673F-0BF9-1033-0216-050823200001}
2008-10-28 08:57:56 ----D---- C:\WINDOWS\Minidump
2008-10-28 08:29:37 ----HD---- C:\temp
2008-10-28 00:36:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-28 00:24:05 ----D---- C:\Program Files\kernel
2008-10-28 00:23:59 ----D---- C:\Program Files\?dobe
2008-10-28 00:22:56 ----D---- C:\WINDOWS\system32\??pPatch
2008-10-28 00:17:11 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-28 00:05:06 ----SD---- C:\WINDOWS\Tasks
2008-10-27 23:57:07 ----D---- C:\Program Files\RcvSystem
2008-10-27 21:44:35 ----SHD---- C:\RECYCLER
2008-10-27 21:41:26 ----D---- C:\Documents and Settings
2008-10-24 17:56:13 ----SH---- C:\WINDOWS\system32\edkkabde.ini
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-12-02 43672]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-10-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-02 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-02 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-10-28 10760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-02 4960]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-09-18 8413]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-07-07 152049]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-07-07 70070]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-18 113664]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys []
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2005-04-18 46680]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94 B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
S2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-10-28 418816]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-02 49664]
S2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-10-28 406528]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-26 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-02 138168]
Reply With Quote
  #6  
Old October 30th, 2008, 10:25 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
info.txt logfile of random's system information tool 1.04 2008-10-30 14:14:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6 ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e 225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb91 9b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EX E C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI Soft Modem-->agrsmdel
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft Media Card Companion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3580211E-3BB7-42C0-ADC3-9A8C1EFFF2CB}\SETUP.EXE" -l0x9
ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFF08881-43E4-4082-91C4-0E17F82E849D}\setup.exe" -l0x9
ArcSoft MediaConverter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5BD1F9C-8BBA-410E-837D-94D523269F8F}\SETUP.EXE" -l0x9
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93F599DF-519B-4706-A3F1-9530DF2590B4}\SETUP.EXE" -l0x9
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Best Buy Rhapsody-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
BlackjackCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE5EB49-08A7-4AA5-9E72-C8D0A0C786F7}\setup.exe" -l0x9
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Card and Board Games-->C:\PROGRA~1\eGames\CARDAN~1\UNWISE.EXE C:\PROGRA~1\eGames\CARDAN~1\INSTALL.LOG
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DV TS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54266945-8A11-424D-B20F-4F747A714FBA}\Setup.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eGames GameButler-->C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EZface ActiveX 204-->C:\PROGRA~1\EZFace\ActiveX\uninst.bat 204 C:\PROGRA~1\EZFace\ActiveX
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spun inst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3-->C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2I D PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Lottery 1.2.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SPK210.Inf, DefaultUninstall
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_6c01d7\Setup.ex e /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Mahjongg Master 2 Special Edition-->C:\PROGRA~1\eGames\MAHJON~2\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~2\INSTALL.LOG
MahJongg Master-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe"
Microsoft Picture It! Photo Creativity 2001-->MsiExec.exe /I{120E6BD1-2149-11d4-A6AD-00A0CC28D961}
Microsoft Picture It! Photo Premium 2001-->MsiExec.exe /I{F629C3EE-FD92-4EDC-BE49-3228AC392993}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
MysticForest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F33EEE5-A176-4608-A81D-578472627695}\setup.exe" -l0x9 -removeonly
Namo WebEditor 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3FA287-2622-4340-AAF6-0AD29F21A691}\setup.exe" -l0x9
Nancy Drew: Secret of Shadow Ranch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Nancy Drew\Secret of Shadow Ranch\setup.exe" -l0x9
Nancy Drew: The Creature of Kapu Cave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\Nancy Drew\The Creature of Kapu Cave\setup.exe" -l0x9
NetBeans IDE 5.0-->C:\Program Files\netbeans-5.0\_uninst\uninstaller.exe
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OpenOffice.org 2.3-->MsiExec.exe /I{28BAF389-4421-4B88-ACCC-FBEF95F69D6D}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photosmart 140,240,7200,7600,7700,7900 Series-->c:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Reel Deal Slots 2nd Volume-->"c:\Program Files\Phantom\Reel Deal Slots 2nd Volume\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunin st.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\ spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\ spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe"
Reply With Quote
  #7  
Old October 30th, 2008, 10:26 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe"
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EX E C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
SimCity 3000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
Slingo Wild 7's-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6105C9EA-FFC3-484A-950A-90F48CD7C73E}\setup.exe" -l0x9
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe"
Word Skramble-->C:\PROGRA~1\eGames\WORDSK~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDSK~1\INSTALL.LOG
Word Wiz-->C:\PROGRA~1\eGames\WORDWI~1\UNWISE.EXE C:\PROGRA~1\eGames\WORDWI~1\INSTALL.LOG

=====HijackThis Backups=====

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.listen.com
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.549

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Reply With Quote
  #8  
Old October 30th, 2008, 11:55 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I can see you have already had Malwarebytes remove quite a bit of the active parts of the infection. Let's make other changes then scan after.


First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps, including the required reboot. If you have any difficulties accomplishing those then please go ahead and uninstall SpyBot - TeaTimer has been causing too many problems in repairs to make it worth any extra effort while we do them. You can always reinstall it after if you choose to.


Then To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download OTMoveIt3 by OldTimer to your desktop.

Then click OTMoveIt3.exe to run it (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator").

Copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):

Code:
:files
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Program Files\kernel
C:\Program Files\?dobe /u
C:\WINDOWS\system32\??pPatch /u
C:\Program Files\RcvSystem
C:\RECYCLER
C:\WINDOWS\system32\edkkabde.ini
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqpmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Cxhjvv"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"{7C44673F-0BF9-1033-0216-050823200001}"=-
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

-----------

Then Go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please.

Post back that log, the OTMoveIt log and a new RSIT log please.
Reply With Quote
  #9  
Old October 31st, 2008, 11:52 PM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
It looks like I have copies of the sytem files that have been moved. Everything works OK. Im not going to be able to get to the Kapersky scan until later. Has this solved most of the problem?

========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\TEMP not found.
File/Folder C:\Program Files\kernel not found.
File/Folder C:\Program Files\?dobe not found.
Folder move failed. C:\WINDOWS\system32\ΑрpPatch scheduled to be moved on reboot.
File/Folder C:\Program Files\RcvSystem not found.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc69\Con Banda Grandes Exitos moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc69 moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Un-Break My Heart_ The Remix Collection moved successfully.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Ultimate Toni Braxton scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Toni Braxton scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\The Heat scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Secrets scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Platinum & Gold Collection scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\More Than A Woman scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68 scheduled to be moved on reboot.
Folder move failed. C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009 scheduled to be moved on reboot.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\BrowserObjects moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\StartMenuCurrentU ser moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\StartMenuAllUsers moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKLMRun\RunOnceEx moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKLMRun\RunOnce moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKLMRun moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKCURun\RunOnceEx moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKCURun\RunOnce moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun\HKCURun moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro\Autorun moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com\AntiVirusPro moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500\Dc4.com moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-500 moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-1010 moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-1009 moved successfully.
C:\RECYCLER\S-1-5-21-1894439395-1094390820-1578581422-1003 moved successfully.
Folder move failed. C:\RECYCLER scheduled to be moved on reboot.
C:\WINDOWS\system32\edkkabde.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\\"Authentication Packages"|hex(7):6d,00,73,00,76,00,31,00,5f,00,30, 00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqpmk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\\Cxhjvv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run\\{7C44673F-0BF9-1033-0216-050823200001} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C44673 F-0BF9-1033-0216-050823200001}\ not found.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10312008_132626
Reply With Quote
  #10  
Old November 1st, 2008, 01:08 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
I tried it again seeing as it failed on some things.

========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Application Data\TEMP not found.
File/Folder C:\Program Files\kernel not found.
File/Folder C:\Program Files\?dobe not found.
File/Folder C:\WINDOWS\system32\??pPatch not found.
File/Folder C:\Program Files\RcvSystem not found.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Ultimate Toni Braxton moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Toni Braxton moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\The Heat moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Secrets moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\Platinum & Gold Collection moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68\More Than A Woman moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009\Dc68 moved successfully.
C:\RECYCLER\S-1-5-21-2748297833-3040879727-769956929-1009 moved successfully.
C:\RECYCLER\S-1-5-21-205159755-1399173751-3437419066-1009 moved successfully.
C:\RECYCLER moved successfully.
File/Folder C:\WINDOWS\system32\edkkabde.ini not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\\"Authentication Packages"|hex(7):6d,00,73,00,76,00,31,00,5f,00,30, 00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtqpmk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\\Cxhjvv not found.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10312008_170322
Reply With Quote
  #11  
Old November 1st, 2008, 03:06 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Active malware files and functions are diminished in log views, but I couldn't say all issues are resolved until we verify that. Go ahead and complete the Kaspersky scan and post that along with the new RSIT log please.
Reply With Quote
  #12  
Old November 1st, 2008, 03:22 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
Kapersky won't be done until tomorrow. Only one wireless card, 2 PCs. sry

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-10-31 19:17:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 139 GB (76%) free of 184 GB
Total RAM: 503 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:24 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Documents and Settings\HP_Owner\My Documents\Installers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/regeasyshare...DORIGIN=SKU110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, \s,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
O2 - BHO: (no name) - {F92A8F98-AE62-4897-9DC2-E31EC007456D} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: (no name) - {6E90A503-DDFD-4CC5-9628-0391A05E7212} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7363 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP Usg Daily.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll [2008-10-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{F92A8F98-AE62-4897-9DC2-E31EC007456D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar6.dll [2007-01-19 2403392]
{6E90A503-DDFD-4CC5-9628-0391A05E7212}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1151045508\ee\AOLSoftware.exe [2006-03-08 48280]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-03-27 126104]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-28 590848]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2007-08-02 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHBu tton.exe [2005-03-10 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2005-09-21 2807808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-18 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 9.exe [2004-05-04 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe [2004-05-04 491520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2004-03-31 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-10-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe []
Reply With Quote
  #13  
Old November 1st, 2008, 03:23 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe [2004-10-25 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-09-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2005-03-10 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~ 1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMC onf.exe [2006-03-12 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\309731\Program\UPDATE~1.EXE [2005-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\1151045508\EE\aim6.exe"="C:\Program Files\Common Files\AOL\1151045508\EE\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealP layer"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.e xe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr .exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe "
"C:\Program Files\Namo\WebEditor 6\bin\WebEditor.exe"="C:\Program Files\Namo\WebEditor 6\bin\WebEditor.exe:*:Enabled:Namo WebEditor 6.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\yqkolvqr.exe"="C:\WINDOWS\sys tem32\yqk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*isabled:Bonjour "
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*isabled:Earthlink"
"C:\Documents and Settings\HP_Owner\bjryd.exe"="C:\Documents and Settings\HP_Owner\bjryd.exe:*isabled:ENABLE"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\syst em32\sessmgr.exe:*isabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Prog ram Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled :AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1151045508\EE\AOLServiceHost.exe"="C:\Pr ogram Files\Common Files\AOL\1151045508\EE\AOLServiceHost.exe:*:Enabl ed:AOL"
"C:\Program Files\Common Files\AOL\1139285104\EE\AOLServiceHost.exe"="C:\Pr ogram Files\Common Files\AOL\1139285104\EE\AOLServiceHost.exe:*:Enabl ed:AOL"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\1151045508\EE\aolsoftware.exe"="C:\Progr am Files\Common Files\AOL\1151045508\EE\aolsoftware.exe:*:Enabled: AOL Services"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLT opSpeed"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLT sMon"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles% \iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6cbb477c-62bc-11da-ab3f-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======List of files/folders created in the last 1 months======

2008-10-31 17:06:51 ----SHD---- C:\RECYCLER
2008-10-30 14:14:08 ----D---- C:\rsit
2008-10-28 21:36:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\OpenOffice.org2
2008-10-28 21:27:13 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-10-28 21:26:25 ----D---- C:\Program Files\OpenOffice.org 2.3 Installation Files
2008-10-28 21:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-28 18:33:26 ----D---- C:\Program Files\FLV Player
2008-10-28 18:32:57 ----D---- C:\Program Files\Defraggler
2008-10-28 18:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-28 18:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-28 18:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-28 18:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-28 18:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-28 18:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-28 18:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-28 18:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-28 18:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-28 18:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-28 18:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-28 18:13:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-28 18:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-28 18:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-28 18:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-28 18:07:38 ----D---- C:\WINDOWS\system32\scripting
2008-10-28 18:07:37 ----D---- C:\WINDOWS\l2schemas
2008-10-28 18:07:36 ----D---- C:\WINDOWS\system32\bits
2008-10-28 18:04:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-28 17:58:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-28 17:58:44 ----D---- C:\WINDOWS\EHome
2008-10-28 17:52:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-28 17:52:32 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-28 17:52:30 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-28 17:52:30 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-28 17:52:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-28 17:52:23 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-28 17:52:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-28 17:52:17 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-28 17:52:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-28 17:52:16 ----N---- C:\WINDOWS\slrundll.exe
2008-10-28 17:52:15 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-28 17:52:12 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-28 17:52:11 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-28 17:52:10 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-28 17:52:09 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-28 17:52:08 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-28 17:52:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-28 17:52:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-28 17:52:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-28 17:52:05 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-28 17:52:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-28 17:52:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-28 17:51:56 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-28 17:51:55 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-28 17:51:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-28 17:51:54 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-28 17:51:52 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-28 17:51:52 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-28 17:51:39 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-28 17:51:38 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dl l
2008-10-28 17:51:36 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-28 17:51:28 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-28 17:51:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-28 17:51:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-28 17:51:26 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-28 17:51:17 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-28 17:51:11 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-10-28 17:51:11 ----A---- C:\WINDOWS\002734_.tmp
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-28 17:51:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
Reply With Quote
  #14  
Old November 1st, 2008, 03:24 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-28 17:51:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-28 17:51:06 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-28 17:51:05 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-28 17:51:01 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-28 17:50:55 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-28 17:50:54 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-28 17:50:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-28 17:50:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-28 17:50:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-28 17:50:46 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-28 17:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-28 17:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-28 17:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-28 17:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-28 17:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-28 17:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-28 17:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-28 17:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-28 17:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-28 17:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-28 17:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-28 17:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-28 17:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-28 17:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-28 17:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-28 17:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-28 17:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-28 17:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-28 00:58:24 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-28 00:23:58 ----RHD---- C:\$VAULT$.AVG
2008-10-28 00:14:20 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-10-28 00:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-28 00:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-27 23:59:15 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-10-27 23:58:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 22:05:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 22:05:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 22:01:25 ----D---- C:\Program Files\Trend Micro
2008-10-27 22:00:54 ----D---- C:\Program Files\SpywareBlaster
2008-10-24 18:03:20 ----D---- C:\Program Files\CCleaner
2008-10-24 17:28:55 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2008-10-31 19:16:39 ----D---- C:\WINDOWS\Temp
2008-10-31 19:16:28 ----D---- C:\WINDOWS
2008-10-31 16:57:26 ----D---- C:\WINDOWS\system32
2008-10-31 16:36:43 ----D---- C:\WINDOWS\Prefetch
2008-10-31 16:02:31 ----D---- C:\WINDOWS\system32\Restore
2008-10-31 16:01:25 ----D---- C:\Program Files
2008-10-31 15:59:25 ----D---- C:\WINDOWS\pss
2008-10-31 15:02:40 ----HD---- C:\WINDOWS\inf
2008-10-31 15:02:40 ----D---- C:\WINDOWS\system32\drivers
2008-10-31 14:53:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 14:49:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-31 14:39:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 22:02:25 ----SHD---- C:\System Volume Information
2008-10-28 21:56:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-28 21:28:40 ----SHD---- C:\WINDOWS\Installer
2008-10-28 21:28:36 ----HD---- C:\Config.Msi
2008-10-28 21:27:43 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 21:25:28 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 21:18:00 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-28 21:17:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-28 21:16:59 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-28 21:16:01 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-28 20:23:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-28 20:15:43 ----D---- C:\Program Files\Common Files
2008-10-28 18:51:33 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Lavasoft
2008-10-28 18:47:42 ----D---- C:\WINDOWS\pchealth
2008-10-28 18:47:42 ----D---- C:\Program Files\MSN Messenger
2008-10-28 18:47:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-28 18:43:15 ----D---- C:\Program Files\Microsoft Office
2008-10-28 18:43:08 ----D---- C:\Program Files\Common Files\System
2008-10-28 18:42:13 ----A---- C:\WINDOWS\win.ini
2008-10-28 18:26:40 ----D---- C:\WINDOWS\Debug
2008-10-28 18:21:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 18:18:44 ----D---- C:\WINDOWS\system32\Setup
2008-10-28 18:18:44 ----D---- C:\WINDOWS\ime
2008-10-28 18:18:44 ----D---- C:\WINDOWS\AppPatch
2008-10-28 18:18:43 ----D---- C:\WINDOWS\system32\wbem
2008-10-28 18:18:05 ----D---- C:\WINDOWS\security
2008-10-28 18:13:18 ----D---- C:\Program Files\Messenger
2008-10-28 18:07:58 ----D---- C:\WINDOWS\WinSxS
2008-10-28 18:07:52 ----D---- C:\WINDOWS\network diagnostic
2008-10-28 18:07:51 ----D---- C:\WINDOWS\Help
2008-10-28 18:07:39 ----D---- C:\WINDOWS\system32\usmt
2008-10-28 18:07:39 ----D---- C:\WINDOWS\system32\en-US
2008-10-28 18:07:37 ----AD---- C:\WINDOWS\system32\en
2008-10-28 18:07:36 ----D---- C:\WINDOWS\PeerNet
2008-10-28 18:07:36 ----D---- C:\Program Files\Movie Maker
2008-10-28 18:04:51 ----D---- C:\WINDOWS\system32\npp
2008-10-28 18:04:50 ----D---- C:\WINDOWS\msagent
2008-10-28 18:04:49 ----D---- C:\WINDOWS\srchasst
2008-10-28 18:04:48 ----D---- C:\Program Files\NetMeeting
2008-10-28 18:04:47 ----D---- C:\WINDOWS\system32\Com
2008-10-28 18:04:45 ----D---- C:\Program Files\Windows Media Player
2008-10-28 18:04:44 ----D---- C:\Program Files\Windows NT
2008-10-28 18:04:44 ----D---- C:\Program Files\Outlook Express
2008-10-28 18:04:29 ----D---- C:\WINDOWS\system32\oobe
2008-10-28 18:04:27 ----D---- C:\WINDOWS\system
2008-10-28 18:02:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-28 17:04:36 ----D---- C:\Program Files\Internet Explorer
2008-10-28 10:59:51 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-10-28 10:56:54 ----D---- C:\Program Files\Online Services
2008-10-28 10:39:26 ----D---- C:\Program Files\Common Files\{7C44673F-0BF9-1033-0216-050823200001}
2008-10-28 08:57:56 ----D---- C:\WINDOWS\Minidump
2008-10-28 08:29:37 ----HD---- C:\temp
2008-10-28 00:17:11 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-28 00:05:06 ----SD---- C:\WINDOWS\Tasks
2008-10-27 21:41:26 ----D---- C:\Documents and Settings
2008-10-15 09:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 10:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-12-02 43672]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-10-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-03-02 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-03-02 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-10-28 10760]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-03-02 4960]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-09-18 8413]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-07-07 152049]
S3 ADPCI;Adaptec Wireless PCI Card v2.5 Driver; C:\WINDOWS\system32\DRIVERS\ADPCIN51.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2004-07-07 70070]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-18 113664]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-18 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-18 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-18 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2005-04-18 46680]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-10-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-03-02 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-10-28 406528]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94 B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspne t_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-26 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-02 138168]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-14 327680]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]

-----------------EOF-----------------
Reply With Quote
  #15  
Old November 1st, 2008, 03:25 AM
Sapper2ID's Avatar
Sapper2ID Sapper2ID is offline
Member
 
Join Date: Nov 2004
O/S: Windows 10 Pro
Location: Portland, Or. USA
Age: 59
Posts: 66
info.txt logfile of random's system information tool 1.04 2008-10-30 14:14:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6 ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e 225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb91 9b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EX E C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI Soft Modem-->agrsmdel
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ArcSoft Media Card Companion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3580211E-3BB7-42C0-ADC3-9A8C1EFFF2CB}\SETUP.EXE" -l0x9
ArcSoft MediaConverter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFF08881-43E4-4082-91C4-0E17F82E849D}\setup.exe" -l0x9
ArcSoft MediaConverter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5BD1F9C-8BBA-410E-837D-94D523269F8F}\SETUP.EXE" -l0x9
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93F599DF-519B-4706-A3F1-9530DF2590B4}\SETUP.EXE" -l0x9
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Best Buy Rhapsody-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
BlackjackCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE5EB49-08A7-4AA5-9E72-C8D0A0C786F7}\setup.exe" -l0x9
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Card and Board Games-->C:\PROGRA~1\eGames\CARDAN~1\UNWISE.EXE C:\PROGRA~1\eGames\CARDAN~1\INSTALL.LOG
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DV TS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{54266945-8A11-424D-B20F-4F747A714FBA}\Setup.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
eGames GameButler-->C:\PROGRA~1\eGames\GAMEBU~1\UNWISE.EXE C:\PROGRA~1\eGames\GAMEBU~1\INSTALL.LOG
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EZface ActiveX 204-->C:\PROGRA~1\EZFace\ActiveX\uninst.bat 204 C:\PROGRA~1\EZFace\ActiveX
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spun inst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.5.3-->C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2I D PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Internet Lottery 1.2.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SPK210.Inf, DefaultUninstall
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_6c01d7\Setup.ex e /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Mahjongg Master 2 Special Edition-->C:\PROGRA~1\eGames\MAHJON~2\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~2\INSTALL.LOG
MahJongg Master-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe"
Microsoft Picture It! Photo Creativity 2001-->MsiExec.exe /I{120E6BD1-2149-11d4-A6AD-00A0CC28D961}
Microsoft Picture It! Photo Premium 2001-->MsiExec.exe /I{F629C3EE-FD92-4EDC-BE49-3228AC392993}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
MysticForest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F33EEE5-A176-4608-A81D-578472627695}\setup.exe" -l0x9 -removeonly
Namo WebEditor 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3FA287-2622-4340-AAF6-0AD29F21A691}\setup.exe" -l0x9
Nancy Drew: Secret of Shadow Ranch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Nancy Drew\Secret of Shadow Ranch\setup.exe" -l0x9
Nancy Drew: The Creature of Kapu Cave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\Nancy Drew\The Creature of Kapu Cave\setup.exe" -l0x9
NetBeans IDE 5.0-->C:\Program Files\netbeans-5.0\_uninst\uninstaller.exe
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OpenOffice.org 2.3-->MsiExec.exe /I{28BAF389-4421-4B88-ACCC-FBEF95F69D6D}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photosmart 140,240,7200,7600,7700,7900 Series-->c:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Reason 3.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Reel Deal Slots 2nd Volume-->"c:\Program Files\Phantom\Reel Deal Slots 2nd Volume\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunin st.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\ spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\ spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe"
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EX E C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
SimCity 3000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Could you check this HijackThis log please? Phil5000 Windows XP 1 November 10th, 2006 12:50 AM
please check my HiJackThis log... aoxk61 Malware Removal 2 September 29th, 2006 05:24 AM
Please check my Hijackthis Log twinx Malware Removal 3 February 28th, 2005 02:49 AM
Hijackthis log: Please Check Crossbones84 Malware Removal 1 June 25th, 2004 01:09 AM
Could you check my HijackThis log? thezieb Malware Removal 2 June 24th, 2004 08:41 PM


All times are GMT +1. The time now is 09:09 AM.