|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
April 3rd, 2009, 02:26 AM
|
|||
|
|||
|
gmail will not load & google search redirects - see HJT Log incl'd
Can someone help me figure out why I can't get gmail page to load (not in IE 7, IE 8, Firefox or Opera)? Other web pages and surfing, including yahoo searches and yahoo mail seem to work fine. I just can't get into my gmail on this one computer and when I do google searches on this same computer, more often than not, when I click the search results, I am redirected to an adsense page.
I did scan with free version of the following: AVG 8.5, Malwarebytes and SuperAntiSpyware. Here is my hijackthis log file that I just ran: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:18:18 PM, on 4/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\Philips\SPC230NC\Monitor.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\TechSmith\Jing\Jing.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Opera\opera.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe C:\Program Files\AVG\AVG8\aAvgApi.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O1 - Hosts: 94.247.2.216 www.google.com O1 - Hosts: 94.247.2.216 search.yahoo.com O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: Osceola Library System Tray App.lnk = ? O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: TrayMin230.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe -- End of file - 10571 bytes Last edited by bhopal; April 3rd, 2009 at 02:31 AM. Reason: I did scans with AVG, etc 
|
|
#2
April 3rd, 2009, 03:50 AM
|
||||
|
||||
|
Welcome to CTH, bhopal!
Please do the following: Download HostsXpert
Note: If a custom Hosts file was in place, edit those entries back in. More information Next, download Malwarebytes' Anti-Malware (MBAM) Save the program to the Desktop Close all Windows, including this one. On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
Download Random's System Information Tool (RSIT)
Please provide the following in your reply: The MBAM report The RSIT: Log.txt and info.txt You may need to do consecutive posts (one after the other) if the logs are too long.
|
|
#5
April 3rd, 2009, 05:02 AM
|
|||
|
|||
|
Malwarebytes scan results:
Malwarebytes' Anti-Malware 1.35 Database version: 1935 Windows 5.1.2600 Service Pack 3 4/2/2009 11:52:11 PM mbam-log-2009-04-02 (23-52-11).txt Scan type: Quick Scan Objects scanned: 111286 Time elapsed: 18 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I also have these older logs (do you want to see any of them?) 2009-03-04 2009-03-30 2009-03-31 Now I will do next step and post results
|
|
#6
April 3rd, 2009, 05:10 AM
|
|||
|
|||
|
Logfile of random's system information tool 1.06 (written by random/random)
Run by Paul at 2009-04-03 00:04:25 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 17 GB (46%) free of 38 GB Total RAM: 1246 MB (34% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:04:46 AM, on 4/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\lxctcoms.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\Philips\SPC230NC\Monitor.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\TechSmith\Jing\Jing.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Opera\opera.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Paul\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Paul.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [SPC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [SPC230NC_Monitor] C:\WINDOWS\Philips\SPC230NC\Monitor.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: Osceola Library System Tray App.lnk = ? O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O4 - Global Startup: TrayMin230.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe -- End of file - 10335 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\EvidenceEraser Scheduled Scan.job C:\WINDOWS\tasks\PCConfidential.job C:\WINDOWS\tasks\User_Feed_Synchronization-{75E3A76E-94E8-4537-9AA6-65E68D8EE127}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{8D59EDD1-47DB-41B6-96AF-447CC691EA00}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-04 1078552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-04 1968920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{EAD3A971-6A23-4246-8691-C9244E858967}] OToolbarHelper Class - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll [2008-04-22 81920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - PayPal Plug-In - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll [2008-07-25 2781184] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-03-04 1968920] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "Notebook Maximizer"=C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672] "SPC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Monitor. exe [2007-12-10 323584] "SPC230NC_Monitor"=C:\WINDOWS\Philips\SPC230NC\Mon itor.exe [2007-12-10 323584] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-04 1932568] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-03-26 401040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-27 1830128] "cdloader"=C:\Documents and Settings\Paul\Application Data\mjusbsp\cdloader2.exe [2008-07-22 50520] "Philips Intelligent Agent"=C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320] "Jing"=C:\Program Files\TechSmith\Jing\Jing.exe [2009-02-19 2495752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-06-11 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2004-08-06 643072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe [2004-08-19 135168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzButton] C:\Program Files\EzButton\EzButton.EXE [2004-07-07 712704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [2003-11-18 118784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\system32\igfxtray.exe [2003-11-18 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadMSvcmm] C:\Program Files\Movielink\MovielinkManager\Movielink User.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [2003-09-26 184320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe] NDSTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-02-03 1089589] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe [2005-03-17 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-03-02 135168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-07-28 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe [2004-07-14 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk] C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2009-01-07 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk] C:\PROGRA~1\3M\PSNLite\PsnLite.exe [2004-10-15 2080768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk] C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [1999-09-30 869376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk] C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648] (Cont'd in next post...)
|
|
#7
April 3rd, 2009, 05:12 AM
|
|||
|
|||
|
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe -logon Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe TrayMin230.lnk - C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe C:\Documents and Settings\Paul\Start Menu\Programs\Startup OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Osceola Library System Tray App.lnk - C:\Program Files\PermissionTV\bin\dmtray.exe palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-01 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-03-04 10520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-11-18 323584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "_NoDriveTypeAutoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp \NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine" "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\IS M\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediM ail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:Incred iMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:Incredi Mail" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic" "C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic " "C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\syst em32\fxsclnt.exe:*:Enabled:Microsoft Fax Console" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\LMI14.tmp\rescue.exe"="C:\WINDOWS\LMI1 4.tmp\rescue.exe:*:Enabled:LogMeIn Rescue" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Documents and Settings\Paul\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Paul\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\SopCore\sopvod.exe"="C:\Program Files\SopCore\sopvod.exe:*:Enabled:sopvod" "C:\WINDOWS\system32\lxctcoms.exe"="C:\WINDOWS\sys tem32\lxctcoms.exe:*:Enabled:Lexmark Communications System" "C:\WINDOWS\LMI9.tmp\rescue.exe"="C:\WINDOWS\LMI9. tmp\rescue.exe:*:Enabled:LogMeIn Rescue" "C:\Program Files\PdaNet 4.12\PdaNet.exe"="C:\Program Files\PdaNet 4.12\PdaNet.exe:*:Enabled:PdaNet" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Documents and Settings\Paul\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Paul\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack" "C:\WINDOWS\Temp\~os4.tmp\ossproxy.exe"="C:\WINDOW S\Temp\~os4.tmp\ossproxy.exe:*:Enabled:ossproxy.ex e" "C:\WINDOWS\system\rundll32.exe"="C:\WINDOWS\syste m\rundll32.exe:*:Enabled:rundll32" "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4YWVCPYT\installer_00031[1].exe"="C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4YWVCPYT\installer_00031[1].exe:*:Enabled:installer" "C:\WINDOWS\system\dop.exe"="C:\WINDOWS\system\dop .exe:*:Enabled:se" "C:\WINDOWS\system\se.exe"="C:\WINDOWS\system\se.e xe:*:Enabled:se" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6516eafe-6c6d-11dd-9ed5-000fb03742e3}] shell\AutoRun\command - E:\autorun.exe shell\phone\command - E:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{735528be-671d-11dd-9ec9-000fb03742e3}] shell\AutoRun\command - E:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2009-04-03 00:04:25 ----D---- C:\rsit 2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-02 21:49:01 ----A---- C:\WINDOWS\system32\java.exe 2009-04-02 21:17:40 ----D---- C:\Program Files\Trend Micro 2009-04-01 23:33:05 ----D---- C:\Program Files\CamStudio 2009-03-30 21:02:35 ----D---- C:\WINDOWS\ie8updates 2009-03-30 21:00:38 ----A---- C:\WINDOWS\imsins.BAK 2009-03-30 20:57:55 ----HDC---- C:\WINDOWS\ie8 2009-03-28 23:30:12 ----D---- C:\Program Files\iPod 2009-03-28 23:30:07 ----D---- C:\Program Files\iTunes 2009-03-28 23:30:07 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-28 23:27:41 ----D---- C:\Program Files\QuickTime 2009-03-28 23:25:40 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2009-03-28 23:08:18 ----D---- C:\Program Files\Safari 2009-03-28 22:55:33 ----D---- C:\Program Files\TechSmith 2009-03-28 22:42:25 ----D---- C:\WINDOWS\system32\XPSViewer 2009-03-28 22:41:25 ----D---- C:\Program Files\Reference Assemblies 2009-03-28 22:40:33 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-03-17 02:00:37 ----HD---- C:\WINDOWS\PIF 2009-03-16 03:00:25 ----D---- C:\Program Files\MSXML 4.0 2009-03-15 15:56:19 ----RA---- C:\WINDOWS\system32\msxml4r.dll 2009-03-15 15:56:19 ----RA---- C:\WINDOWS\system32\msxml4a.dll 2009-03-12 03:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-12 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-12 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-03-11 04:32:42 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2009-03-11 04:32:40 ----D---- C:\Program Files\NOS 2009-03-09 11:31:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-03-09 11:31:07 ----D---- C:\Program Files\Oberon Media 2009-03-09 11:31:07 ----D---- C:\Program Files\IncrediGames 2009-03-09 11:31:07 ----D---- C:\Program Files\Common Files\Oberon Media 2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui 2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui 2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui 2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui 2009-03-08 00:27:15 ----HD---- C:\$AVG8.VAULT$ 2009-03-06 23:24:09 ----D---- C:\Documents and Settings\Paul\Application Data\Mozilla 2009-03-06 23:23:54 ----D---- C:\Program Files\Mozilla Firefox 2009-03-04 20:24:51 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-03-04 20:24:36 ----D---- C:\Documents and Settings\Paul\Application Data\AVGTOOLBAR 2009-03-04 20:24:19 ----D---- C:\Program Files\AVG 2009-03-04 20:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 (Cont'd in next post...)
|
|
#8
April 3rd, 2009, 05:12 AM
|
|||
|
|||
|
======List of files/folders modified in the last 1 months======
2009-04-03 00:04:28 ----D---- C:\WINDOWS\Prefetch 2009-04-02 23:57:02 ----D---- C:\Documents and Settings\Paul\Application Data\Skype 2009-04-02 23:24:55 ----D---- C:\WINDOWS\system32\drivers 2009-04-02 23:24:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-04-02 21:56:22 ----D---- C:\Program Files\Adobe 2009-04-02 21:49:20 ----SHD---- C:\WINDOWS\Installer 2009-04-02 21:49:06 ----D---- C:\Config.Msi 2009-04-02 21:49:03 ----D---- C:\WINDOWS\Temp 2009-04-02 21:49:01 ----D---- C:\WINDOWS\system32 2009-04-02 21:48:58 ----D---- C:\Program Files\Java 2009-04-02 21:17:40 ----RD---- C:\Program Files 2009-04-02 21:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\WholeSecurity 2009-04-02 20:57:04 ----D---- C:\Documents and Settings\Paul\Application Data\OpenOffice.org2 2009-04-02 20:55:31 ----D---- C:\WINDOWS\system32\ias 2009-04-02 20:42:43 ----D---- C:\Documents and Settings\Paul\Application Data\skypePM 2009-04-01 23:53:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-31 22:31:07 ----D---- C:\Documents and Settings\Paul\Application Data\FileZilla 2009-03-31 21:52:30 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-31 21:52:21 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-31 19:45:10 ----SD---- C:\WINDOWS\Tasks 2009-03-30 21:25:05 ----D---- C:\WINDOWS\network diagnostic 2009-03-30 21:09:18 ----D---- C:\Documents and Settings\Paul\Application Data\Apple Computer 2009-03-30 21:05:30 ----D---- C:\WINDOWS 2009-03-30 21:05:02 ----D---- C:\WINDOWS\system32\en-US 2009-03-30 21:05:01 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-03-30 21:05:01 ----HD---- C:\WINDOWS\inf 2009-03-30 21:05:01 ----D---- C:\WINDOWS\Media 2009-03-30 21:05:01 ----D---- C:\WINDOWS\Help 2009-03-30 21:05:01 ----D---- C:\Program Files\Internet Explorer 2009-03-30 21:01:36 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-30 20:54:32 ----D---- C:\WINDOWS\Debug 2009-03-30 20:46:33 ----D---- C:\Program Files\Opera 2009-03-30 20:23:40 ----D---- C:\Program Files\Watchtower 2009-03-30 20:23:27 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-30 20:17:47 ----D---- C:\Documents and Settings\Paul\Application Data\Adobe 2009-03-30 20:17:46 ----D---- C:\WINDOWS\system32\Adobe 2009-03-30 20:17:10 ----D---- C:\Program Files\Common Files 2009-03-30 20:15:56 ----D---- C:\Program Files\Common Files\Adobe 2009-03-30 20:15:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-03-29 23:42:21 ----D---- C:\Program Files\FileZilla FTP Client 2009-03-28 23:30:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-28 23:30:03 ----D---- C:\Program Files\Common Files\Apple 2009-03-28 23:11:30 ----RSD---- C:\WINDOWS\assembly 2009-03-28 23:10:33 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-28 22:55:34 ----D---- C:\WINDOWS\WinSxS 2009-03-28 22:47:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-28 22:47:12 ----D---- C:\Program Files\MSBuild 2009-03-28 22:42:19 ----RSD---- C:\WINDOWS\Fonts 2009-03-28 22:22:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-03-27 17:15:14 ----D---- C:\Program Files\SUPERAntiSpyware 2009-03-21 00:37:23 ----A---- C:\WINDOWS\pagebreeze.ini 2009-03-19 22:01:41 ----SD---- C:\Documents and Settings\Paul\Application Data\Microsoft 2009-03-15 17:13:15 ----A---- C:\WINDOWS\ModemLog_PdaNet Modem.txt 2009-03-15 17:05:04 ----A---- C:\pdanetbt.txt 2009-03-14 08:28:24 ----D---- C:\Program Files\palmOne 2009-03-12 03:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-03-09 11:31:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-03-08 14:22:46 ----A---- C:\WINDOWS\system32\ieframe.dll.mui 2009-03-08 14:21:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui 2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll 2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe 2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll 2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll 2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll 2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll 2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll 2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll 2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll 2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll 2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll 2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll 2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll 2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll 2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe 2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll 2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll 2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll 2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll 2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll 2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll 2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll 2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe 2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll 2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll 2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll 2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll 2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll 2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll 2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll 2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe 2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll 2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll 2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll 2009-03-06 23:49:19 ----D---- C:\WINDOWS\Minidump 2009-03-06 23:33:54 ----D---- C:\Program Files\SpiralFrog ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-04 325640] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-04 27656] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-02 108552] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-09-10 44288] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-10-22 24698] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400] R1 SrvcEPECioctl;SrvcEPECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-08-19 5248] R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-07-30 6400] R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400] R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-07-30 6400] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-05-11 15890] R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys [] R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110] R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002] R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-11-20 33847] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-05-28 390944] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497] R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-08-27 4224] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-11-20 95579] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248] R3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-01-01 8576] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-11 746496] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-06-25 58240] S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2004-06-25 36736] S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-06-25 336244] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAEAFLT.sys;USB Composite Device; C:\WINDOWS\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576] S3 palmmdm;Palm Modem; C:\WINDOWS\system32\DRIVERS\palmmdm.sys [2006-01-30 9728] S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-03-16 16694] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913] S3 SPC230NC;Philips SPC230NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 USBAVCap;AVerMedia USB TV Tuner Device; C:\WINDOWS\system32\drivers\USBAVCap.sys [2007-05-10 828288] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-04 298264] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe [2004-06-23 36960] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496] R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296] R2 lxct_device;lxct_device; C:\WINDOWS\system32\lxctcoms.exe [2006-07-13 528384] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168] S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-11 376832] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe [2006-10-20 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------
|
|
#9
April 3rd, 2009, 05:15 AM
|
|||
|
|||
|
info.txt logfile of random's system information tool 1.06 2009-04-03 00:04:51
======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9 Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9 Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AVerMedia M039 USB Hybrid ATSC 1.3.0.67-->C:\Program Files\AVerMedia\AVerMedia M039 USB Hybrid ATSC\uninst.exe AVerTV-->C:\Program Files\InstallShield Installation Information\{FC87BEA8-5582-476C-A754-41F3A9D976D4}\setup.exe -runfromtemp -l0x0409 AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CamStudio-->C:\Program Files\CamStudio\uninstall.exe CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9 Chuzzle-->"C:\Program Files\IncrediGames\Chuzzle\Uninstall.exe" "C:\Program Files\IncrediGames\Chuzzle\install.log" Coloring Book Software to make a kids childrens coloring book s-->"C:\Program Files\HotHotSoftwareFullVersion\create_free_colori ng_books_printable\unins000.exe" Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\s puninst.exe" DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Documents To Go-->MsiExec.exe /X{D6FFC3B5-0CE1-4566-801D-3F9D8F000652} DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver Easy Button-->C:\WINDOWS\UnInst32.exe EzButton.UNI Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spunin st.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582 InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe InterVideo WinDVD for Toshiba-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38} Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Jing-->MsiExec.exe /I{97F77B0E-DB04-4417-936C-73DDA5CDE5E1} John's Image Converter 1.2-->C:\Program Files\johnsadventures.com\John's Image Converter\uninst.exe Lexmark 5400 Series-->C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Mic rosoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microso ft .NET Framework 3.0\setup.exe Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp uninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} Mobipocket Reader 6.2-->MsiExec.exe /I{54DBD56C-3E97-4D9F-8851-B0FDDF976876} Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Notebook Maximizer-->C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini" OpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB} Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0} Palm-->MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4} palmOne-->MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148} PayPal Plug-In-->C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly PdaNet 4.12 for Treo 700p/755p/Centro-->"C:\Program Files\PdaNet 4.12\unins000.exe" Philips Intelligent Agent-->"C:\Program Files\Philips\Intelligent Agent\Uninst\unins000.exe" Philips SPC230NC Webcam-->C:\Program Files\InstallShield Installation Information\{05F350C6-FA6A-40D0-A130-FB941B39152C}\setup.exe -runfromtemp -l0x0009 -removeonly Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini" PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1} Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunin st.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\s puninst.exe"
|
|
#10
April 3rd, 2009, 05:16 AM
|
|||
|
|||
|
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe" Service Record 5.4.12-->"C:\Program Files\Service Record\unins000.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\I Driver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033 SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe" TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{A933190B-9C8E-4E81-B4D4-038D594A1675} /l1033 TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu" TOSHIBA Power Management Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{DA704D1F-BD57-45D7-8C2C-02E780AA9FAA} /l1033 TOSHIBA Software Modem-->Tosmreg -U TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu" TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{7EF2432D-8C52-40C1-962A-1EB0413F25ED} /l1033 Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe" VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe Watchtower Library 2008 - English-->C:\Program Files\Watchtower\Watchtower Library 2008\E\uninst.exe Watchtower Library 2008 - Español-->C:\Program Files\Watchtower\Watchtower Library 2008\S\uninst.exe Webcam Video Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}\Setup.exe" -l0x9 Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" yBook-->"C:\Documents and Settings\Paul\My Documents\yBook\unins000.exe" ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: AVG Anti-Virus Free ======System event log====== Computer Name: OLD Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 35231 Source Name: Service Control Manager Time Written: 20090306223356.000000-300 Event Type: error User: Computer Name: OLD Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 35228 Source Name: Service Control Manager Time Written: 20090306223356.000000-300 Event Type: error User: Computer Name: OLD Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 35225 Source Name: Service Control Manager Time Written: 20090306223356.000000-300 Event Type: error User: Computer Name: OLD Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 35222 Source Name: Service Control Manager Time Written: 20090306223356.000000-300 Event Type: error User: Computer Name: OLD Event Code: 7023 Message: The Application Management service terminated with the following error: The specified module could not be found. Record Number: 35219 Source Name: Service Control Manager Time Written: 20090306223356.000000-300 Event Type: error User: =====Application event log===== Computer Name: OLD Event Code: 0 Message: General Information *********************************************
|
|
#11
April 3rd, 2009, 05:17 AM
|
|||
|
|||
|
Additional Info:
ExceptionManager.MachineName: OLD ExceptionManager.TimeStamp: 12/20/2008 12:43:22 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: OLD\User 1) Exception Information ********************************************* Exception Type: System.Exception Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or the Manifest failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information ********************************************* Exception Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message: Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded() Record Number: 5005 Source Name: Spiralfrog Time Written: 20081220004322.000000-300 Event Type: error User: Computer Name: OLD Event Code: 0 Message: General Information ********************************************* Additional Info: ExceptionManager.MachineName: OLD ExceptionManager.TimeStamp: 12/20/2008 12:43:20 AM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: OLD\User 1) Exception Information ********************************************* Exception Type: System.Exception Message: The BITS service returned an error for the job with the ID 'fdf83358-1a5a-4021-88a2-8fbbd962250d'; the job's name and description are 'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service error message for this job is 'The server name or address could not be resolved '. This job has been canceled, and the DownloaderManager will attempt it again. If you see this error frequently, you may have a mis-configuration, or another administrator process/user is canceling BITS jobs. It is also possible that some mis-configuration of the Manifest file is causing BITS to have trouble with a source or destination path; be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__. TargetSite: NULL HelpLink: NULL Source: NULL Record Number: 5004 Source Name: Spiralfrog Time Written: 20081220004320.000000-300 Event Type: error User: Computer Name: OLD Event Code: 0 Message: General Information ********************************************* Additional Info: ExceptionManager.MachineName: OLD ExceptionManager.TimeStamp: 12/19/2008 8:51:56 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: OLD\User 1) Exception Information ********************************************* Exception Type: System.Exception Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or the Manifest failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information ********************************************* Exception Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message: Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded() Record Number: 4998 Source Name: Spiralfrog Time Written: 20081219205156.000000-300 Event Type: error User: Computer Name: OLD Event Code: 0 Message: General Information ********************************************* Additional Info: ExceptionManager.MachineName: OLD ExceptionManager.TimeStamp: 12/19/2008 8:51:54 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: OLD\User 1) Exception Information ********************************************* Exception Type: System.Exception Message: The BITS service returned an error for the job with the ID '7287505c-07fc-4441-848f-17c79b3d60af'; the job's name and description are 'Updater job.' and 'Updater: Download the Server XML File.'. The BITS service error message for this job is 'The server name or address could not be resolved '. This job has been canceled, and the DownloaderManager will attempt it again. If you see this error frequently, you may have a mis-configuration, or another administrator process/user is canceling BITS jobs. It is also possible that some mis-configuration of the Manifest file is causing BITS to have trouble with a source or destination path; be sure that all SOURCE paths are valid URLs, and that all DESTINATION paths are valid LOCAL UNC paths--__shares are not allowed__. TargetSite: NULL HelpLink: NULL Source: NULL Record Number: 4997 Source Name: Spiralfrog Time Written: 20081219205154.000000-300 Event Type: error User: Computer Name: OLD Event Code: 0 Message: General Information ********************************************* Additional Info: ExceptionManager.MachineName: OLD ExceptionManager.TimeStamp: 12/19/2008 12:36:09 PM ExceptionManager.FullName: Microsoft.ApplicationBlocks.ExceptionManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null ExceptionManager.AppDomainName: Spiralfrog.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: OLD\User 1) Exception Information ********************************************* Exception Type: System.Exception Message: The metadata file (the Server Manifest) can't be downloaded for the application 'SpiralfrogClient'. Either the manifest is unavailable (check download URL in Updater config file), the downloader failed, or the Manifest failed validation. TargetSite: NULL HelpLink: NULL Source: NULL 2) Exception Information ********************************************* Exception Type: System.Runtime.InteropServices.COMException ErrorCode: -2145386481 Message: Exception from HRESULT: 0x8020000F. TargetSite: Void GetError(Microsoft.ApplicationBlocks.ApplicationUp dater.Downloaders.IBackgroundCopyError ByRef) HelpLink: NULL Source: Microsoft.ApplicationBlocks.ApplicationUpdater StackTrace Information ********************************************* at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.IBackgroundCopyJob.GetError(IBackgroundCo pyError& ppError) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.HandleDownloadErrorCancelJ ob(IBackgroundCopyJob copyJob, String& errMessage) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaders.BITSDownloader.Microsoft.ApplicationBlock s.ApplicationUpdater.Interfaces.IDownloader.Downlo ad(String sourceFile, String destFile, TimeSpan maxTimeWait) at Microsoft.ApplicationBlocks.ApplicationUpdater.Dow nloaderManager.IsServerManifestDownloaded() Record Number: 4991 Source Name: Spiralfrog Time Written: 20081219123609.000000-300 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0d08 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Wow that's a lot of info. Hope it helps.
|
|
#12
April 3rd, 2009, 05:33 AM
|
|||
|
|||
|
Update... It seems my problem has been fixed. I just typed in my Opera web browser "mail.google.com" and for the first time in a couple of months the login screen appeared.
Wow! Thank you so much. I spent hours and hours trying to fix it myself and you told me how to do it in less than an hour. I will definitely be recommending your forum to everyone. Do I need to do anything else? I saw one of the stickys in this particular forum was about how to keep your computer from getting re-infected. Should I go through the steps mention there. Thanks again Aaflac!!!
|
|
#13
April 6th, 2009, 03:14 AM
|
||||
|
||||
|
My apology for the delay.
Let’s see if Kaspersky picks up any infected files. There is no option to clean/disinfect, however, we can analyze the information on the report and determine whether further action is needed. Please close all windows, and temporarily disable any security/protection applications as they may interfere with the running of programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run. Then, use Internet Explorer, and do an online scan with Kaspersky WebScanner Click: Scan Now Then click: Accept The program launches and downloads the latest definition files.
Click on: Save Report As Next, in the Save as prompt, Save in area, select: Desktop In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save ~~~~ Please provide the contents of the Kaspersky Online Scanner report in your reply.
|
|
#14
April 7th, 2009, 10:00 AM
|
|||
|
|||
|
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, April 7, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, April 07, 2009 05:40:33 Records in database: 2019995 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 103933 Threat name: 2 Infected objects: 3 Suspicious objects: 0 Duration of the scan: 02:41:29 File name / Threat name / Threats count C:\Documents and Settings\Natalie\Local Settings\Temp\ImInstaller\Magentic\magentic_instal l[1].exe Infected: not-a-virus  ownloader.Win32.ImLoader.f 1C:\Documents and Settings\Natalie\My Documents\magentic_install.exe Infected: not-a-virus ownloader.Win32.ImLoader.f 1C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\NHBTB92S\x7b[1].xml Infected: Exploit.Multi.Qtp.g 1 The selected area was scanned.
|
|
#15
April 8th, 2009, 01:31 AM
|
||||
|
||||
|
Let's also do the following...
Please download ATF Cleaner Double-click ATF-Cleaner.exe to run the program Check: Select All Check: Empty Selected If you use the Firefox browser, click on its option in the top menu. Next, check: Select All Check: Empty Selected NOTE: If you would like to keep your saved passwords, click 'No' at the prompt. If you use Opera browser, click on its option in the top menu Choose 'Select All' from the list. Click the 'Empty Selected' button. NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt. Click 'Exit' on the Main menu to close the ATF Cleaner program. ~~~~ Also, download GooredFix Save it to the Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing: Enter Please post the contents of the log produced in your reply (It can also be found on the Desktop, and is called Goored.txt). Note: Please do not run any other Option!!
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Google Redirects | David Smith | Malware Removal | 1 | May 1st, 2011 03:20 AM |
| Slow computer, redirects, weird stuff happening *hjt log incl* | dianap | Malware Removal | 12 | June 21st, 2010 05:44 PM |
| browser redirects me to wa-search.com when i click results in google search | ducttape | Malware Removal | 58 | June 12th, 2009 07:59 PM |
| Can't load Google, Gmail, and Hotmail, among other sites | bigboyadamj | MacOS | 4 | September 26th, 2006 05:13 AM |
| Google and other problems; HijackThis! Log Incl. | TK-nvme | Malware Removal | 3 | February 25th, 2006 04:51 AM |
All times are GMT +1. The time now is 03:11 AM.