Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old April 3rd, 2009, 02:26 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
gmail will not load & google search redirects - see HJT Log incl'd

Can someone help me figure out why I can't get gmail page to load (not in IE 7, IE 8, Firefox or Opera)? Other web pages and surfing, including yahoo searches and yahoo mail seem to work fine. I just can't get into my gmail on this one computer and when I do google searches on this same computer, more often than not, when I click the search results, I am redirected to an adsense page.

I did scan with free version of the following: AVG 8.5, Malwarebytes and SuperAntiSpyware.
Here is my hijackthis log file that I just ran:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:18 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O1 - Hosts: 94.247.2.216 www.google.com
O1 - Hosts: 94.247.2.216 search.yahoo.com
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Osceola Library System Tray App.lnk = ?
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 10571 bytes

Last edited by bhopal; April 3rd, 2009 at 02:31 AM. Reason: I did scans with AVG, etc
Reply With Quote
  #2  
Old April 3rd, 2009, 03:50 AM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Welcome to CTH, bhopal!

Please do the following:

Download HostsXpert
  • Right-click the file and select: Extract all…
  • Extract the program to a its own folder
  • Double-click HostsXpert.exe to run the program
  • Click: Make Hosts Writable? in the upper left corner.
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.

Note: If a custom Hosts file was in place, edit those entries back in.

More information

Next, download Malwarebytes' Anti-Malware (MBAM)
Save the program to the Desktop
Close all Windows, including this one.

On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
  • If an update is found, MBAM will download and install the latest.
  • Click OK
At the main program window
  • Make sure the following is checked: Perform Quick Scan
  • Click: Scan (The scan may take some time to finish, so please be patient.)
  • When the scan completes, a message box appears
  • Click OK
At the main Scanner screen:
  • Click on: Show Results
  • A screen displaying the malware found shows
  • Make sure everything found is checked, and click: Remove Selected
  • When the disinfection is complete, you may be prompted to Restart. Please do so.
  • When MBAM finishes removing the malware, a log opens in Notepad
  • The log is automatically saved and can be viewed by clicking the Logs tab.
~~~~
Download Random's System Information Tool (RSIT)
  • Save it to the Desktop
  • Double click on RSIT.exe to run the programRSIT
  • Click Continue at the disclaimer screen
  • Once the tool finishes, two logs open. Log.txt is maximized, and info.txt is minimized.(The logs are also contained in C:\rsit
~~~~

Please provide the following in your reply:
The MBAM report
The RSIT: Log.txt and info.txt

You may need to do consecutive posts (one after the other) if the logs are too long.
Reply With Quote
  #3  
Old April 3rd, 2009, 03:59 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Will do. Quick question... on HostsXpert, the upper left corner shows "Make ReadOnly?". When I click on it, it changes to "Make Writeable?" Do you want me to leave it showing "Make ReadOnly?"
Reply With Quote
  #4  
Old April 3rd, 2009, 04:09 AM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Yes.

It looks as if the program was updated, and my instructions refer to a previous version.

My apology.
Reply With Quote
  #5  
Old April 3rd, 2009, 05:02 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Malwarebytes scan results:

Malwarebytes' Anti-Malware 1.35
Database version: 1935
Windows 5.1.2600 Service Pack 3

4/2/2009 11:52:11 PM
mbam-log-2009-04-02 (23-52-11).txt

Scan type: Quick Scan
Objects scanned: 111286
Time elapsed: 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also have these older logs (do you want to see any of them?)
2009-03-04
2009-03-30
2009-03-31

Now I will do next step and post results
Reply With Quote
  #6  
Old April 3rd, 2009, 05:10 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Logfile of random's system information tool 1.06 (written by random/random)
Run by Paul at 2009-04-03 00:04:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (46%) free of 38 GB
Total RAM: 1246 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:46 AM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Paul\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Osceola Library System Tray App.lnk = ?
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Post-itŪ Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: TrayMin230.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe

--
End of file - 10335 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EvidenceEraser Scheduled Scan.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{75E3A76E-94E8-4537-9AA6-65E68D8EE127}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8D59EDD1-47DB-41B6-96AF-447CC691EA00}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-04 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-04 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}]
OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2008-04-22 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2008-07-25 2781184]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-04 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Notebook Maximizer"=C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]
"SPC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor. exe [2007-12-10 323584]
"SPC230NC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Mon itor.exe [2007-12-10 323584]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-04 1932568]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-03-26 401040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-27 1830128]
"cdloader"=C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe [2008-07-22 50520]
"Philips Intelligent Agent"=C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
"Jing"=C:\Program Files\TechSmith\Jing\Jing.exe [2009-02-19 2495752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-06-11 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-08-06 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER]
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe [2004-08-19 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton]
C:\Program Files\EzButton\EzButton.EXE [2004-07-07 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2003-11-18 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2003-11-18 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm]
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-26 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-02-03 1089589]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
C:\TOSHIBA\IVP\ISM\pinger.exe [2005-03-17 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-03-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-07-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
c:\WINDOWS\System32\ZoomingHook.exe [2004-07-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2009-01-07 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-itŪ Software Notes Lite.lnk]
C:\PROGRA~1\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [1999-09-30 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]

(Cont'd in next post...)
Reply With Quote
  #7  
Old April 3rd, 2009, 05:12 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe -logon
Post-itŪ Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe
TrayMin230.lnk - C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe

C:\Documents and Settings\Paul\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
Osceola Library System Tray App.lnk - C:\Program Files\PermissionTV\bin\dmtray.exe
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-04 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"_NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp \NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\IS M\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediM ail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:Incred iMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:Incredi Mail"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic "
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\syst em32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\LMI14.tmp\rescue.exe"="C:\WINDOWS\LMI1 4.tmp\rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Paul\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Paul\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCore\sopvod.exe"="C:\Program Files\SopCore\sopvod.exe:*:Enabled:sopvod"
"C:\WINDOWS\system32\lxctcoms.exe"="C:\WINDOWS\sys tem32\lxctcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\LMI9.tmp\rescue.exe"="C:\WINDOWS\LMI9. tmp\rescue.exe:*:Enabled:LogMeIn Rescue"
"C:\Program Files\PdaNet 4.12\PdaNet.exe"="C:\Program Files\PdaNet 4.12\PdaNet.exe:*:Enabled:PdaNet"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Paul\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Paul\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe"="C:\WINDOW S\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.ex e"
"C:\WINDOWS\system\rundll32.exe"="C:\WINDOWS\syste m\rundll32.exe:*:Enabled:rundll32"
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4YWVCPYT\installer_00031[1].exe"="C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4YWVCPYT\installer_00031[1].exe:*:Enabled:installer"
"C:\WINDOWS\system\dop.exe"="C:\WINDOWS\system\dop .exe:*:Enabled:se"
"C:\WINDOWS\system\se.exe"="C:\WINDOWS\system\se.e xe:*:Enabled:se"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6516eafe-6c6d-11dd-9ed5-000fb03742e3}]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{735528be-671d-11dd-9ec9-000fb03742e3}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-04-03 00:04:25 ----D---- C:\rsit
2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\java.exe
2009-04-02 21:17:40 ----D---- C:\Program Files\Trend Micro
2009-04-01 23:33:05 ----D---- C:\Program Files\CamStudio
2009-03-30 21:02:35 ----D---- C:\WINDOWS\ie8updates
2009-03-30 21:00:38 ----A---- C:\WINDOWS\imsins.BAK
2009-03-30 20:57:55 ----HDC---- C:\WINDOWS\ie8
2009-03-28 23:30:12 ----D---- C:\Program Files\iPod
2009-03-28 23:30:07 ----D---- C:\Program Files\iTunes
2009-03-28 23:30:07 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-28 23:27:41 ----D---- C:\Program Files\QuickTime
2009-03-28 23:25:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-03-28 23:08:18 ----D---- C:\Program Files\Safari
2009-03-28 22:55:33 ----D---- C:\Program Files\TechSmith
2009-03-28 22:42:25 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-28 22:41:25 ----D---- C:\Program Files\Reference Assemblies
2009-03-28 22:40:33 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-03-17 02:00:37 ----HD---- C:\WINDOWS\PIF
2009-03-16 03:00:25 ----D---- C:\Program Files\MSXML 4.0
2009-03-15 15:56:19 ----RA---- C:\WINDOWS\system32\msxml4r.dll
2009-03-15 15:56:19 ----RA---- C:\WINDOWS\system32\msxml4a.dll
2009-03-12 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-12 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-11 04:32:42 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-11 04:32:40 ----D---- C:\Program Files\NOS
2009-03-09 11:31:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-09 11:31:07 ----D---- C:\Program Files\Oberon Media
2009-03-09 11:31:07 ----D---- C:\Program Files\IncrediGames
2009-03-09 11:31:07 ----D---- C:\Program Files\Common Files\Oberon Media
2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-03-08 00:27:15 ----HD---- C:\$AVG8.VAULT$
2009-03-06 23:24:09 ----D---- C:\Documents and Settings\Paul\Application Data\Mozilla
2009-03-06 23:23:54 ----D---- C:\Program Files\Mozilla Firefox
2009-03-04 20:24:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-04 20:24:36 ----D---- C:\Documents and Settings\Paul\Application Data\AVGTOOLBAR
2009-03-04 20:24:19 ----D---- C:\Program Files\AVG
2009-03-04 20:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8


(Cont'd in next post...)
Reply With Quote
  #8  
Old April 3rd, 2009, 05:12 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
======List of files/folders modified in the last 1 months======

2009-04-03 00:04:28 ----D---- C:\WINDOWS\Prefetch
2009-04-02 23:57:02 ----D---- C:\Documents and Settings\Paul\Application Data\Skype
2009-04-02 23:24:55 ----D---- C:\WINDOWS\system32\drivers
2009-04-02 23:24:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-02 21:56:22 ----D---- C:\Program Files\Adobe
2009-04-02 21:49:20 ----SHD---- C:\WINDOWS\Installer
2009-04-02 21:49:06 ----D---- C:\Config.Msi
2009-04-02 21:49:03 ----D---- C:\WINDOWS\Temp
2009-04-02 21:49:01 ----D---- C:\WINDOWS\system32
2009-04-02 21:48:58 ----D---- C:\Program Files\Java
2009-04-02 21:17:40 ----RD---- C:\Program Files
2009-04-02 21:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\WholeSecurity
2009-04-02 20:57:04 ----D---- C:\Documents and Settings\Paul\Application Data\OpenOffice.org2
2009-04-02 20:55:31 ----D---- C:\WINDOWS\system32\ias
2009-04-02 20:42:43 ----D---- C:\Documents and Settings\Paul\Application Data\skypePM
2009-04-01 23:53:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-31 22:31:07 ----D---- C:\Documents and Settings\Paul\Application Data\FileZilla
2009-03-31 21:52:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-31 21:52:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-31 19:45:10 ----SD---- C:\WINDOWS\Tasks
2009-03-30 21:25:05 ----D---- C:\WINDOWS\network diagnostic
2009-03-30 21:09:18 ----D---- C:\Documents and Settings\Paul\Application Data\Apple Computer
2009-03-30 21:05:30 ----D---- C:\WINDOWS
2009-03-30 21:05:02 ----D---- C:\WINDOWS\system32\en-US
2009-03-30 21:05:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-30 21:05:01 ----HD---- C:\WINDOWS\inf
2009-03-30 21:05:01 ----D---- C:\WINDOWS\Media
2009-03-30 21:05:01 ----D---- C:\WINDOWS\Help
2009-03-30 21:05:01 ----D---- C:\Program Files\Internet Explorer
2009-03-30 21:01:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-30 20:54:32 ----D---- C:\WINDOWS\Debug
2009-03-30 20:46:33 ----D---- C:\Program Files\Opera
2009-03-30 20:23:40 ----D---- C:\Program Files\Watchtower
2009-03-30 20:23:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-30 20:17:47 ----D---- C:\Documents and Settings\Paul\Application Data\Adobe
2009-03-30 20:17:46 ----D---- C:\WINDOWS\system32\Adobe
2009-03-30 20:17:10 ----D---- C:\Program Files\Common Files
2009-03-30 20:15:56 ----D---- C:\Program Files\Common Files\Adobe
2009-03-30 20:15:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-29 23:42:21 ----D---- C:\Program Files\FileZilla FTP Client
2009-03-28 23:30:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-28 23:30:03 ----D---- C:\Program Files\Common Files\Apple
2009-03-28 23:11:30 ----RSD---- C:\WINDOWS\assembly
2009-03-28 23:10:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-28 22:55:34 ----D---- C:\WINDOWS\WinSxS
2009-03-28 22:47:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-28 22:47:12 ----D---- C:\Program Files\MSBuild
2009-03-28 22:42:19 ----RSD---- C:\WINDOWS\Fonts
2009-03-28 22:22:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-27 17:15:14 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-21 00:37:23 ----A---- C:\WINDOWS\pagebreeze.ini
2009-03-19 22:01:41 ----SD---- C:\Documents and Settings\Paul\Application Data\Microsoft
2009-03-15 17:13:15 ----A---- C:\WINDOWS\ModemLog_PdaNet Modem.txt
2009-03-15 17:05:04 ----A---- C:\pdanetbt.txt
2009-03-14 08:28:24 ----D---- C:\Program Files\palmOne
2009-03-12 03:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-09 11:31:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-08 14:22:46 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:21:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-06 23:49:19 ----D---- C:\WINDOWS\Minidump
2009-03-06 23:33:54 ----D---- C:\Program Files\SpiralFrog

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-04 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-04 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-02 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-09-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-10-22 24698]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcEPECioctl;SrvcEPECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-08-19 5248]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-07-30 6400]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-05-11 15890]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-11-20 33847]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-05-28 390944]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-08-27 4224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-01-01 8576]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-11 746496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-06-25 58240]
S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2004-06-25 36736]
S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-06-25 336244]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
S3 palmmdm;Palm Modem; C:\WINDOWS\system32\DRIVERS\palmmdm.sys [2006-01-30 9728]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-03-16 16694]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBAVCap;AVerMedia USB TV Tuner Device; C:\WINDOWS\system32\drivers\USBAVCap.sys [2007-05-10 828288]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-04 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-06-23 36960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxct_device;lxct_device; C:\WINDOWS\system32\lxctcoms.exe [2006-07-13 528384]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-11 376832]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
Reply With Quote
  #9  
Old April 3rd, 2009, 05:15 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
info.txt logfile of random's system information tool 1.06 2009-04-03 00:04:51

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVerMedia M039 USB Hybrid ATSC 1.3.0.67-->C:\Program Files\AVerMedia\AVerMedia M039 USB Hybrid ATSC\uninst.exe
AVerTV-->C:\Program Files\InstallShield Installation Information\{FC87BEA8-5582-476C-A754-41F3A9D976D4}\setup.exe -runfromtemp -l0x0409
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chuzzle-->"C:\Program Files\IncrediGames\Chuzzle\Uninstall.exe" "C:\Program Files\IncrediGames\Chuzzle\install.log"
Coloring Book Software to make a kids childrens coloring book s-->"C:\Program Files\HotHotSoftwareFullVersion\create_free_colori ng_books_printable\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\s puninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go-->MsiExec.exe /X{D6FFC3B5-0CE1-4566-801D-3F9D8F000652}
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
Easy Button-->C:\WINDOWS\UnInst32.exe EzButton.UNI
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spunin st.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for Toshiba-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Jing-->MsiExec.exe /I{97F77B0E-DB04-4417-936C-73DDA5CDE5E1}
John's Image Converter 1.2-->C:\Program Files\johnsadventures.com\John's Image Converter\uninst.exe
Lexmark 5400 Series-->C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Mic rosoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microso ft .NET Framework 3.0\setup.exe
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp uninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mobipocket Reader 6.2-->MsiExec.exe /I{54DBD56C-3E97-4D9F-8851-B0FDDF976876}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Notebook Maximizer-->C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
OpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
Palm-->MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
palmOne-->MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
PdaNet 4.12 for Treo 700p/755p/Centro-->"C:\Program Files\PdaNet 4.12\unins000.exe"
Philips Intelligent Agent-->"C:\Program Files\Philips\Intelligent Agent\Uninst\unins000.exe"
Philips SPC230NC Webcam-->C:\Program Files\InstallShield Installation Information\{05F350C6-FA6A-40D0-A130-FB941B39152C}\setup.exe -runfromtemp -l0x0009 -removeonly
Post-itŪ Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunin st.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\s puninst.exe"
Reply With Quote
  #10  
Old April 3rd, 2009, 05:16 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe"
Service Record 5.4.12-->"C:\Program Files\Service Record\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\I Driver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{A933190B-9C8E-4E81-B4D4-038D594A1675} /l1033
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Management Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{DA704D1F-BD57-45D7-8C2C-02E780AA9FAA} /l1033
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{7EF2432D-8C52-40C1-962A-1EB0413F25ED} /l1033
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Watchtower Library 2008 - English-->C:\Program Files\Watchtower\Watchtower Library 2008\E\uninst.exe
Watchtower Library 2008 - Espaņol-->C:\Program Files\Watchtower\Watchtower Library 2008\S\uninst.exe
Webcam Video Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}\Setup.exe" -l0x9
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe"
yBook-->"C:\Documents and Settings\Paul\My Documents\yBook\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: OLD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 35231
Source Name: Service Control Manager
Time Written: 20090306223356.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 35228
Source Name: Service Control Manager
Time Written: 20090306223356.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 35225
Source Name: Service Control Manager
Time Written: 20090306223356.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 35222
Source Name: Service Control Manager
Time Written: 20090306223356.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 35219
Source Name: Service Control Manager
Time Written: 20090306223356.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OLD
Event Code: 0
Message:
General Information
*********************************************
Reply With Quote
  #11  
Old April 3rd, 2009, 05:17 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Additional Info:
ExceptionManager.MachineName: OLD
ExceptionManager.TimeStamp: 12/20/2008 12:43:22 AM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: OLD\User

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'.
Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or
the Manifest failed validation.
TargetSite: NULL
HelpLink: NULL
Source: NULL

2) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2145386481
Message: Exception from HRESULT: 0x8020000F.
TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef)
HelpLink: NULL
Source: Microsoft.ApplicationBlocks.ApplicationUpdater

StackTrace Information
*********************************************
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded()

Record Number: 5005
Source Name: Spiralfrog
Time Written: 20081220004322.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 0
Message:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: OLD
ExceptionManager.TimeStamp: 12/20/2008 12:43:20 AM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: OLD\User

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The BITS service returned an error for the job with the ID 'fdf83358-1a5a-4021-88a2-8fbbd962250d';
the job's name and description are 'Updater job.' and 'Updater: Download the Server XML File.'.
The BITS service error message for this job is
'The server name or address could not be resolved

'.
This job has been canceled, and the DownloaderManager will attempt it again. If you see this error frequently, you may have a mis-configuration, or another
administrator process/user is canceling BITS jobs.
It is also possible that some mis-configuration of the Manifest file is causing BITS to have trouble with a source or destination path;
be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite: NULL
HelpLink: NULL
Source: NULL

Record Number: 5004
Source Name: Spiralfrog
Time Written: 20081220004320.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 0
Message:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: OLD
ExceptionManager.TimeStamp: 12/19/2008 8:51:56 PM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: OLD\User

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'.
Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or
the Manifest failed validation.
TargetSite: NULL
HelpLink: NULL
Source: NULL

2) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2145386481
Message: Exception from HRESULT: 0x8020000F.
TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef)
HelpLink: NULL
Source: Microsoft.ApplicationBlocks.ApplicationUpdater

StackTrace Information
*********************************************
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded()

Record Number: 4998
Source Name: Spiralfrog
Time Written: 20081219205156.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 0
Message:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: OLD
ExceptionManager.TimeStamp: 12/19/2008 8:51:54 PM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: OLD\User

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The BITS service returned an error for the job with the ID '7287505c-07fc-4441-848f-17c79b3d60af';
the job's name and description are 'Updater job.' and 'Updater: Download the Server XML File.'.
The BITS service error message for this job is
'The server name or address could not be resolved

'.
This job has been canceled, and the DownloaderManager will attempt it again. If you see this error frequently, you may have a mis-configuration, or another
administrator process/user is canceling BITS jobs.
It is also possible that some mis-configuration of the Manifest file is causing BITS to have trouble with a source or destination path;
be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__.
TargetSite: NULL
HelpLink: NULL
Source: NULL

Record Number: 4997
Source Name: Spiralfrog
Time Written: 20081219205154.000000-300
Event Type: error
User:

Computer Name: OLD
Event Code: 0
Message:
General Information
*********************************************
Additional Info:
ExceptionManager.MachineName: OLD
ExceptionManager.TimeStamp: 12/19/2008 12:36:09 PM
ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
ExceptionManager.AppDomainName: Spiralfrog.exe
ExceptionManager.ThreadIdentity:
ExceptionManager.WindowsIdentity: OLD\User

1) Exception Information
*********************************************
Exception Type: System.Exception
Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'.
Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or
the Manifest failed validation.
TargetSite: NULL
HelpLink: NULL
Source: NULL

2) Exception Information
*********************************************
Exception Type: System.Runtime.InteropServices.COMException
ErrorCode: -2145386481
Message: Exception from HRESULT: 0x8020000F.
TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef)
HelpLink: NULL
Source: Microsoft.ApplicationBlocks.ApplicationUpdater

StackTrace Information
*********************************************
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait)
at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded()

Record Number: 4991
Source Name: Spiralfrog
Time Written: 20081219123609.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Wow that's a lot of info. Hope it helps.
Reply With Quote
  #12  
Old April 3rd, 2009, 05:33 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
Update... It seems my problem has been fixed. I just typed in my Opera web browser "mail.google.com" and for the first time in a couple of months the login screen appeared.

Wow! Thank you so much. I spent hours and hours trying to fix it myself and you told me how to do it in less than an hour. I will definitely be recommending your forum to everyone.

Do I need to do anything else? I saw one of the stickys in this particular forum was about how to keep your computer from getting re-infected. Should I go through the steps mention there.

Thanks again Aaflac!!!
Reply With Quote
  #13  
Old April 6th, 2009, 03:14 AM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
My apology for the delay.

Let’s see if Kaspersky picks up any infected files. There is no option to clean/disinfect, however, we can analyze the information on the report and determine whether further action is needed.


Please close all windows, and temporarily disable any security/protection applications as they may interfere with the running of programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run.

Then, use Internet Explorer, and do an online scan with Kaspersky WebScanner
Click: Scan Now
Then click: Accept
The program launches and downloads the latest definition files.
  • Once the files are downloaded, click on: Next
  • Under select a target to scan, select: My Computer
When the scan is done, any infection is displayed.
  • Click on: View scan report
To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

~~~~
Please provide the contents of the Kaspersky Online Scanner report in your reply.
Reply With Quote
  #14  
Old April 7th, 2009, 10:00 AM
bhopal bhopal is offline
New Member
 
Join Date: Apr 2009
Posts: 20
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, April 7, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, April 07, 2009 05:40:33
Records in database: 2019995
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 103933
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:41:29


File name / Threat name / Threats count
C:\Documents and Settings\Natalie\Local Settings\Temp\ImInstaller\Magentic\magentic_instal l[1].exe Infected: not-a-virusownloader.Win32.ImLoader.f 1
C:\Documents and Settings\Natalie\My Documents\magentic_install.exe Infected: not-a-virusownloader.Win32.ImLoader.f 1
C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\NHBTB92S\x7b[1].xml Infected: Exploit.Multi.Qtp.g 1

The selected area was scanned.
Reply With Quote
  #15  
Old April 8th, 2009, 01:31 AM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Let's also do the following...

Please download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program
Check: Select All
Check: Empty Selected

If you use the Firefox browser, click on its option in the top menu.
Next, check: Select All
Check: Empty Selected
NOTE:
If you would like to keep your saved passwords, click 'No' at the prompt.

If you use Opera browser, click on its option in the top menu
Choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the ATF Cleaner program.

~~~~
Also, download GooredFix
Save it to the Desktop.
Double-click Goored.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing: Enter

Please post the contents of the log produced in your reply
(It can also be found on the Desktop, and is called Goored.txt).

Note: Please do not run any other Option!!
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Google Redirects David Smith Malware Removal 1 May 1st, 2011 03:20 AM
Slow computer, redirects, weird stuff happening *hjt log incl* dianap Malware Removal 12 June 21st, 2010 05:44 PM
browser redirects me to wa-search.com when i click results in google search ducttape Malware Removal 58 June 12th, 2009 07:59 PM
Can't load Google, Gmail, and Hotmail, among other sites bigboyadamj MacOS 4 September 26th, 2006 05:13 AM
Google and other problems; HijackThis! Log Incl. TK-nvme Malware Removal 3 February 25th, 2006 04:51 AM


All times are GMT +1. The time now is 03:11 AM.