IE/AVG issues - from Downloader.Generic3.SZP, Generic12.LHS, Vundo.AV?

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

IE/AVG issues - from Downloader.Generic3.SZP, Generic12.LHS, Vundo.AV?, Found viruses, cleaned them with AVG, still have IE and AVG issues

Options

Kelvin in Oregon View Member Profile	Nov 27 2008, 06:31 PM Post #1
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	I'm a first-time poster, so I apologize in advance for any mistakes I make. Problems started when AVG Free 8.0 found Downloader.Generic3.SZP and Generic12.LHS. I used AVG to remove them. My AVG scan that night found 18 infections (multiples of several): SHeur2.CRJ SHeur2.HK SHeur.CRBJ Vundo.AV Generic12.LHS IUpd721 (reference to) AVG cleaned them, but said 2 instaces of Vundo.AV (in lsass.exe and hlJDwTLD.dll) would be fixed on the next reboot. My next reboot failed. Tried to restore to recovery point, but that failed (nothing happened when I clicked on Next to do the restore). Eventually was able to run HijackThis (with a friend's help) and clean up enough things that my reboots now work (at least most of the time). Eventually ran Vundo Fix and VirtumundoBegoneand at that point AVG scans (when they worked) showed no issues. It appears that there's still leftover issues because of the following: IE (7.0) gets "cannot display the webpage" at many websites, especially those for AntiVirus/AntiSpyware, including AVG, Kaspersky, BleepingComputer (I'm running this on another computer) AVG Update fails with either "Update Manager: control file is missing" or "Connection failed" Running an AVG scan gets Avgwdsvc.exe encountered a problem. Sometimes the scan continues, sometimes it doesn't. I'm still getting some popups, including www.registrydefender.com, Searchme, Scan.scannerantispyware.com and 85.12.43.70 Google Results page shows larger font than it used to. Clicking on Google Result link often goes to a completely different page. I've gotten "Windows Explorer has encounted a problem (then shuts down)" a couple of times. I tried to follow your recommended steps as much as possible. This included: Clearing IE Temporary Files Renamed C:windows\system32\drivers\etc\hosts to hosts.spybot Installed WindowsDefender. Removed prunnet.exe (2), gadcom.exe, and several less-signifcant items. Several of the less-significant items have come back. Validated Firewall was turned on. Installed current JRE (6 Update 10) Your instructions said to remove my oder JRE, but the names were dissimilar, so I wanted to make sure that was correct before I did. Add/Remove programs shows my old Java as Java 2 Runtime Environment SE 1.3.1. As mentioned above, I installed JRE 6 Update 10. Is that the right update, so I should remove my old 1.3.1 version? I was then ready to collect the information you requested. Unfortunately, I can't run Kaspersky's Online Scan, because I get IE cannot display the webpage. I then downloaded RSIT from this computer, copied it to the failing computer and ran it. The first time I got AutoIt Error Line -1: Error: Variable used without being declared. I tried it again and I got a log.txt, but no info.txt. log.txt has: Logfile of random's system information tool 1.04 (written by random/random) Run by Kelvin Romrell at 2008-11-27 14:46:44 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 25 GB (42%) free of 59 GB Total RAM: 479 MB (26% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001CB64B-74E4-45A9-B897-9F1D9A2EE901}] C:\WINDOWS\system32\mlJDwTLD.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-27 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768] "WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360] "srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864] "IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544] "IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-01 1234712] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Compaq_RBA"=C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856] C:\Documents and Settings\All Users\Start Menu\Programs\Startup HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup Internet Explorer.lnk - ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc Windows Explorer.lnk - C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] "{73259091-9574-4ED8-A40F-7F65AFC28634}"= [] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\mlJDwTLD [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE::Enabled:HotSync® Manager Application" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe::Enabled:Microsoft Fax Console" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe::Enabled:Microsoft DirectPlay Helper" "C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe::Enabled:Netscape" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe::Enabled:Run a DLL as an App" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe::Enabled:Windows Media Player" "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Enabled:Kodak Software Updater" "C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare" "C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe::Enabled:RealPlayer" "C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe::Enabled:Skyworks Ten Pin Championship Bowling" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe::Enabled:Replay Tuner" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe::Enabled:avgupd.exe" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype" "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD::Disabled:Age of Empires II" "C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD::Disabled:Age of Empires II Expansion" "C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe::Disabled:Empire Earth" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7653464-9639-11db-9048-0010dc79a17c}] shell\AutoRun\command - F:\LaunchU3.exe -a ======List of files/folders created in the last 1 months====== 2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro 2008-11-27 14:17:29 ----D---- C:\rsit 2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\java.exe 2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-27 14:04:19 ----D---- C:\Program Files\Java 2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun 2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender 2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss 2008-11-25 20:51:01 ----A---- C:\WINDOWS\system32\mcrh.tmp 2008-11-25 19:58:00 ----D---- C:\VundoFix Backups 2008-11-25 19:58:00 ----A---- C:\VundoFix.txt 2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis 2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE 2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-24 17:20:02 ----SH---- C:\WINDOWS\system32\wigbiwnx.ini 2008-11-23 21:47:03 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\IUpd721 2008-11-23 20:57:06 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini2 2008-11-23 20:57:01 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini 2008-11-23 17:21:43 ----SH---- C:\WINDOWS\system32\efaipknj.ini 2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt 2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini2 2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini 2008-11-23 16:46:46 ----A---- C:\WINDOWS\system32\prunnet.exe 2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-07 17:02:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2008-11-05 18:06:20 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL ======List of files/folders modified in the last 1 months====== 2008-11-27 14:27:58 ----AD---- C:\WINDOWS 2008-11-27 14:27:58 ----A---- C:\WINDOWS\.compaq.bak 2008-11-27 14:17:31 ----AD---- C:\Program Files 2008-11-27 14:05:17 ----SHD---- C:\WINDOWS\Installer 2008-11-27 14:04:58 ----D---- C:\WINDOWS\system32 2008-11-27 14:03:39 ----D---- C:\My Temp 2008-11-27 13:24:08 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3 2008-11-27 12:28:43 ----SD---- C:\WINDOWS\Tasks 2008-11-27 12:27:33 ----D---- C:\WINDOWS\Temp 2008-11-27 12:27:26 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-27 12:26:28 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt 2008-11-27 12:23:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-27 12:15:40 ----D---- C:\Program Files\Replay AV 8 2008-11-27 10:49:04 ----D---- C:\WINDOWS\Prefetch 2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf 2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype 2008-11-26 23:45:59 ----HD---- C:\$AVG8.VAULT$ 2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help 2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump 2008-11-25 17:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5 2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks 2008-11-24 18:30:16 ----D---- C:\WINDOWS\system32\drivers 2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2008-11-24 18:17:17 ----D---- C:\Documents and Settings 2008-11-23 17:06:56 ----D---- C:\Temp 2008-11-23 16:40:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK 2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS 2008-11-05 18:09:36 ----D---- C:\WINDOWS\system32\FxsTmp 2008-11-05 18:09:30 ----D---- C:\Program Files\PDFCreator 2008-11-05 17:24:42 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\PDFcreator 2008-11-04 19:22:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-04 19:14:23 ----D---- C:\WINDOWS\system32\Macromed 2008-11-04 16:58:50 ----D---- C:\Program Files\Musicnotes 2008-11-04 16:58:42 ----RSD---- C:\WINDOWS\Fonts 2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-31 17:26:24 ----D---- C:\Program Files\QUICKENW 2008-10-31 17:26:24 ----A---- C:\WINDOWS\Quicken.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698] R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568] R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348] R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336] R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171] R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703] R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232] R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936] R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494] R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548] R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664] R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788] R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446] R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248] R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496] S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448] S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224] S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786] S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552] S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512] S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615] S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000] S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694] S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [] S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704] R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144] R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336] S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920] S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] -----------------EOF----------------- Let me know what additional information you need.

3 Pages

1 2 3 >

Replies (1 - 14)

Kelvin in Oregon View Member Profile	Nov 28 2008, 02:42 PM Post #2
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	I don't know if this is considered "bumping", but I have some additional information to add. I tried to run RSIT again. I still only got a log.txt file. However, I tried a Save As from there and saw that my prior run of RSIT had saved an info.txt log in the rst directory. Its contents are: info.txt logfile of random's system information tool 1.04 2008-11-27 14:17:41 ======Uninstall list====== -->C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe" -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ActiveDolls - Radiant-->G:\Fire and Rifle Pics\Radiant\Uninstall.exe Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log ADP / XR8.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E31E722-B317-11D4-A292-006097D8A11D}\setup.exe" Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9 AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Calendar Creator 10-->MsiExec.exe /I{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827} CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} Clear Cache feature for Internet Explorer-->MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507} Coloreal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe" Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Corel Business Applications-->E:\Corel\AppMan\Setup\remove.exe Diet + Exercise Assistant Desktop-->MsiExec.exe /X{158DC053-8BFA-4991-9B85-7AC5F7CA60A0} DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2} Documents To Go-->MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849} Easy Access Button Support-->C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0} Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" EPSON CX 3800 Guide-->C:\Program Files\epson\guide\cx3800_e\uninstall.exe EPSON PhotoCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\Setup.exe" -l0x9 anything EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4} ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8} ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340} ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD} ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331} ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF} ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69} ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1} Excel 2000 Quattro Pro 7.0 Converter-->MsiExec.exe /X{011FDFFF-67D5-11D3-8CF4-0050048383FE} Game Maker 6 Resource Pack 1-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR1.log" "/APPNAME=Game Maker 6 Resource Pack 1" Game Maker 6 Resource Pack 3-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInst.log" "/APPNAME=Game Maker 6 Resource Pack 3" Game Maker 6 Resource Pack 4-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR4.log" "/APPNAME=Game Maker 6 Resource Pack 4" Game Maker 6.1-->C:\Documents and Settings\Camille Romrell\Desktop\Uninstal.exe Game Maker 7.0-->F:\Game Maker\Uninstal.exe Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Handmark® Magic Dogs™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Magic Dogs for Palm OS\uninstal.log Handmark® MobileDB™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log Handmark® PDA Money for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\PDA Money for Palm OS\uninstal.log HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 1.99.1-->C:\Program Files\HijackThis\HijackThis.exe /uninstall HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE} HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8} Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe" Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" hp instant support-->C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS HP Photo and Imaging 1.0 - PSC 2000 Series Drivers-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052} HP Photo and Imaging 1.0 - PSC 2000 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat HP Photo and Imaging 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2} hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu" Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} JumpStart 2nd Grade v1.1-->C:\WINDOWS\IsUninst.exe -fC:\KA\2G\DeIsL1.isu JumpStart Advanced 2nd Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UNJSA2G.exe JumpStart Field Trip Adventure-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSFTAdvUn.exe JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_460007_25c6b7\Setup.exe /APR-REMOVE KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267} Kublox-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {01862C0C-3330-47DB-83D1-9E88D1D8DCE4} Line Rider-->G:\Line Rider\Uninstall.exe Math 2-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8032\uninstal.log Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Digital Image Suite 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Learning and Research Plus Support Files-->MsiExec.exe /I{00000000-3976-4267-9F39-1DC4745090B7} Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Converter Pack-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\convpack.isu Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9} Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall ModemXpert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CB4FEE2-7F47-11D4-B6AD-00A0CC624550}\setup.exe" AnyText MSN Internet Software-->C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe" Mystery Club Detective Academy-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\DetAcademyUn.exe Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} Netscape (7.1)-->C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)" NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" ControlPanelAnyText NetZero-->"C:\Program Files\NetZero\uninst.exe" Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C} OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353} palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A} PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1937.exe" -hu _?=C:\Program Files\PDFCreator Toolbar Phonics 2-3-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8064\uninstal.log powerOne Personal v2.1.1 for Handhelds-->C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280} Quicken WillMaker Plus 2008-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2008\uninstal.log QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9 RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Reflection for UNIX and Digital 8.0.2-->MsiExec.exe /I{2ACB03C1-4D55-11D4-8272-00C04F72E405} Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini" Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini" RiskII (remove only)-->"C:\Program Files\RiskII\Uninstall.exe" Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9 Search Enhancements (remove only)-->"C:\Program Files\nzsearch\Uninstall.exe" Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE} SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe" SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033 SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE" Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini" Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe" Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe" Verizon High Speed Internet-->"C:\WINDOWS\DSL\unins000.exe" Verizon Online Control Pad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A3-F17B-11D6-88EA-000476CD2443}\iSetup.exe" -l0x9 UNINSTALL Verizon Online Support Center-->C:\WINDOWS\Motive\Verizon\MCCUninst.exe Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Visual IP InSight(Verizon Online)-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283} Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP Hotfix - KB885523-->C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} Word Munchers Deluxe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Learning Company\WMuncher\DeIsL1.isu" XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe Yahoo! Essentials-->C:\Program Files\Yahoo!\Common\unwise.exe C:\progra~1\yahoo!\common\install.log Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll Yahoo! Login-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll Yahoo! Messenger Explorer Bar-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG Yahoo! Ten Pin Championship Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}\Setup.exe" -l0x9 -uninst Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe YouSendIt Application Plug-in SDK-->C:\Program Files\InstallShield Installation Information\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\setup.exe -runfromtemp -l0x0409 YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{9F611A4B-1307-4F48-A538-BF6361264C4F}\setup.exe -runfromtemp -l0x0409 =====HijackThis Backups===== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c02&lc=0409 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presario.net/scripts/redirect...c02&lc=0409 O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: .avsystemcare.com (HKLM) O15 - Trusted Zone: .safetydownload.com (HKLM) O15 - Trusted Zone: .onerateld.com (HKLM) O15 - Trusted Zone: .virusschlacht.com (HKLM) O15 - Trusted Zone: .trustedantivirus.com (HKLM) O15 - Trusted Zone: .amaena.com (HKLM) O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} (Upgrade Class) - http://qmedia.xlontech.net/100348/qm/lates...ull06061501.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe Hosts File Missing * End of info.txt file * I've also noticed that if I leave my computer untouched long enough (e.g. over night), it appears to suspend or shutdown. Moving the mouse or touching a key (or pressing Ctl-Alt-Del) does nothing. When I press the power button, sometimes it brings me right back to Login screen. Other times it goes through normal system startup. Many times it hangs (e.g. at a black screen, or “Windows is starting up”). This morning it took me 3 tries before I got to the logon screen. Thanks in advance for your help!!!

farbar View Member Profile	Dec 3 2008, 04:53 AM Post #3
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Hi Kelvin in Oregon, Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem. Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. Please download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account* or an account with "Administrative rights"* Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Note: You can download SDFix, extract it, then transfer extracted SDFix folder (C:\SDFix) to the infected computer and put it on the root of C drive (start > My Computer > open c drive and put the SDFix folder there) Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next reply. Please download ATF Cleaner by Atribune & save it to your desktop. Double-click ATF-Cleaner.exe to run the program. Under Main "*Select Files to Delete" choose: Select All. Click the Empty Selected* button. If you use Firefox browser click Firefox at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser click Opera at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Please download Malwarebytes' Anti-Malware from MajorGeeks Note: you can download the installer and transfer it to the infected computer. Put the installer on C drive and run it from there. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the MBAM log after running it and removing what it finds, or removing files after reboot. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Please download OTViewIt by OldTimer. Save it to your desktop. Double click on the OTViewIt icon on your desktop. Click the "Scan All Users" checkbox. Set File age to 60 days. Type in the Custom Scans section: hijackthisbackups Click Run Scan button. Two reports will open, copy and paste them to your reply: OTViewIt.txt <-- Will be opened Extra.txt <-- Will be minimized Please copy/paste in your next reply: The log of SDFix. The log of MBAM. The OTViewIt logs. Feedback on how it went and the current condition of your computer. -------------------- This is a voluntary free service. However, if you would like to donate click on

farbar View Member Profile	Dec 4 2008, 02:02 PM Post #5
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Hi Kelvin, First you are welcome. But the job is not done. How about calling it a day when I give you the clean sign? I'll answer all your questions but lets proceed with disinfection. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make. Click Start > Programs > Windows Defender or launch from the system tray icon. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Go to Start > Control Panel > Security Center > Windows Defender, at the bottom of the Window Defender's page, under Administrator Options uncheck "use Windows Defender" and then Save. Exit the program. Note:Please keep Windows Defender disabled as long as we are not done. When everything is done and your log is clean again, you can enable it again. Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kelvin in Oregon View Member Profile	Dec 4 2008, 11:14 PM Post #6
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	Farbar, My apologies. I guess I got so excited about having a working computer again that I got carried away. FYI, my Windows Defender prompts were a little different that you described. I am running V1.1.1593.0, if that makes any difference. I found (and unchecked) "Use real-time protection (recommended)" under Tools> Options. I then tried to make the Windows Defender changes you suggested under the Control Panel, but was not able to do so. I went to Start> Control Panel> Security Center. This screen has Resources on the left, and Security essentials on the right. Under Security essentials are: Firewall, Automatic Updates and Virus Protection. Under that is "Manager security settings for:", followed by Internet Options, Windows Firewall and Automatic Updates. I couldn't find any reference to Windows Defender. I looked for Administrator Options, but couldn't find that either. Please let me know what I need to do next. Thanks again! Kelvin

farbar View Member Profile	Dec 5 2008, 04:41 AM Post #7
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	My bad. This is the right one: Open Windows Defender. Click on Tools, Options. Scroll down the list of options to select "Real-time Protection Options." Uncheck "Use Real-Time Protection (Recommended)". After you uncheck this, click on the Save button and close Windows Defender. After all of the fixes are complete it is very important that you enable Real-time Protection again. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kelvin in Oregon View Member Profile	Dec 5 2008, 10:50 AM Post #8
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	OK, that part I was able to figure out before. Your prior steps also referenced turning off something under Control Panel. I just want to make sure that there's nothing else I need to do. I'm at work now. If I don't hear back anything by the time I get home (about 9 hours from now), then I will continue on with the next step (ComboFix). Thanks again!

farbar View Member Profile	Dec 5 2008, 11:33 AM Post #9
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Thanks for asking I apriciate it. The lost part is for Window Vista, my mistake I didn't mention or remove that you don't need it. Please proceed. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kelvin in Oregon View Member Profile	Dec 6 2008, 01:04 AM Post #10
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	Here is the CombFix log. My computer did reboot, so I presume that means that it found some things that it cleaned up. ComboFix 08-12-05.02 - Kelvin Romrell 2008-12-05 21:34:57.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.76 [GMT -8:00] Running from: c:\documents and settings\Kelvin Romrell\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Camille Romrell\Application Data\IUpd721 c:\documents and settings\Camille Romrell\Application Data\IUpd721\Logs\scns.log c:\documents and settings\Camille Romrell\Local Settings\Temporary Internet Files\Tvm.log c:\documents and settings\Kelvin Romrell\Application Data\IUpd721 c:\documents and settings\Kelvin Romrell\Application Data\IUpd721\Logs\scns.log c:\windows\Downloaded Program Files\setup.inf c:\windows\IE4 Error Log.txt c:\windows\system32\DLTwDJlm.ini c:\windows\system32\DLTwDJlm.ini2 c:\windows\system32\YJkRqBeg.ini c:\windows\system32\YJkRqBeg.ini2 c:\windows\winhelp.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))))) . 2008-12-03 19:34 . 2008-12-03 19:34 <DIR> d-------- c:\documents and settings\Kelvin Romrell\Application Data\Malwarebytes 2008-12-03 18:13 . 2008-12-03 18:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\Work\Application Data\Malwarebytes 2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-03 18:13 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\windows\ERUNT 2008-12-03 16:59 . 2008-12-03 17:43 <DIR> d-------- C:\SDFix 2008-11-29 14:23 . 2008-11-29 14:26 <DIR> d-------- c:\program files\ERUNT 2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- C:\rsit 2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- c:\program files\trend micro 2008-11-27 14:04 . 2008-11-27 14:04 <DIR> d-------- c:\program files\Java 2008-11-27 14:04 . 2008-11-27 14:04 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-27 14:04 . 2008-11-27 14:04 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-27 10:47 . 2008-11-27 10:47 <DIR> d-------- c:\program files\Windows Defender 2008-11-25 20:50 . 2008-12-03 18:00 <DIR> d-------- c:\documents and settings\Work\Application Data\U3 2008-11-25 19:58 . 2008-11-25 19:58 <DIR> d-------- C:\VundoFix Backups 2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\XoftSpySE 2008-11-25 16:26 . 2008-11-25 16:26 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Desktop Search 2008-11-25 16:23 . 2008-11-25 16:23 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Search 2008-11-25 16:18 . 2008-11-25 16:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-11-24 18:17 . 2008-11-25 22:05 <DIR> d-------- c:\documents and settings\Administrator 2008-11-24 17:20 . 2008-11-24 17:22 1,651,434 ---hs---- c:\windows\system32\wigbiwnx.ini 2008-11-23 17:21 . 2008-11-23 23:14 1,641,330 ---hs---- c:\windows\system32\efaipknj.ini 2008-11-23 16:46 . 2008-11-23 16:46 29,184 --a------ c:\windows\system32\MSINET.oca 2008-11-23 16:46 . 2008-11-23 16:46 2,407 --a------ c:\windows\system32\MSINET.DEP 2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- c:\documents and settings\Camille Romrell\Application Data\Snapfish 2008-11-07 17:02 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-06 05:47 5,068 ----a-w c:\windows\compaq.reg 2008-12-05 15:49 --------- d-----w c:\program files\Replay AV 8 2008-12-05 06:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-29 22:06 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\U3 2008-11-27 08:33 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\Skype 2008-11-26 01:37 --------- d--h--w c:\documents and settings\All Users\Application Data\Move Networks 2008-11-26 01:37 --------- d-----w c:\program files\Virtools Web Player 3.5 2008-11-25 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-11-24 04:37 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Skype 2008-11-06 02:09 --------- d-----w c:\program files\PDFCreator 2008-11-06 01:24 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\PDFcreator 2008-11-06 00:32 --------- d-----w c:\documents and settings\Work\Application Data\PDFcreator 2008-11-05 00:59 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Sibelius Software 2008-11-05 00:58 --------- d-----w c:\program files\Musicnotes 2008-11-01 01:26 --------- d-----w c:\program files\QUICKENW 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-06-13 03:01 124,568 ----a-w c:\documents and settings\Kelvin Romrell\Application Data\GDIPFONTCACHEV1.DAT 2008-05-15 18:07 124,568 ----a-w c:\documents and settings\Camille Romrell\Application Data\GDIPFONTCACHEV1.DAT 2007-01-05 02:46 60,928 ----a-w c:\documents and settings\Camille Romrell\jbfmod.dll 2007-01-05 02:46 161,280 ----a-w c:\documents and settings\Camille Romrell\fmod.dll 2005-02-11 01:26 118,496 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT 2004-09-28 01:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS 2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768] "WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360] "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864] "IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544] "IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336] "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe] c:\documents and settings\Camille Romrell\Start Menu\Programs\Startup\ Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-11-11 114688] officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456] Replay AV 8.lnk - c:\program files\Replay AV 8\ReplayAV.exe [2007-08-19 789504] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040] Windows Media Player.lnk - c:\program files\Windows Media Player\wmplayer.exe [2004-08-11 64000] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "DDCM"="c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" "NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize "Smapp"=c:\program files\Analog Devices\SoundMAX\Smtray.exe "Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Palm\\HOTSYNC.EXE"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"= "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Replay AV 8\\Tuner.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Sierra\\Empire Earth\\Empire Earth.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-17 97928] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 231704] R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592] R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788] S0 oroc;oroc;c:\windows\system32\drivers\wole.sys [] S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2001-08-18 14336] S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\Drivers\gbalink.sys [2004-12-06 19677] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000] S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2001-08-18 12672] S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe [] S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652] . Contents of the 'Scheduled Tasks' folder 2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2003-04-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56] 2008-12-06 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] 2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58] . - - - - ORPHANS REMOVED - - - - BHO-{001CB64B-74E4-45A9-B897-9F1D9A2EE901} - c:\windows\system32\mlJDwTLD.dll . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = 127.0.0.1;localhost uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd c:\windows\Downloaded Program Files\DIGHardwareControl.ocx - O16 -: {352797A0-EFD0-4FA6-B229-145120EA4B8A} hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab c:\windows\Downloaded Program Files\DIGHardwareControl.inf O16 -: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://esis6.nwpartnership.org:7777/forms/jinitiator/jinit.exe . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-05 21:47:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\SAgent4.exe c:\windows\system32\fxssvc.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\COMPAQ\Easy Access Button Support\CPQEADM.exe c:\compaq\eakdrv\EAUSBKBD.exe c:\progra~1\COMPAQ\EASYAC~1\BttnServ.exe c:\windows\system32\rundll32.exe c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Microsoft Office\Office10\WINWORD.EXE . ************************************************************************ . Completion time: 2008-12-05 21:58:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-06 05:58:04 Pre-Run: 25,989,996,544 bytes free Post-Run: 26,300,416,000 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 226 --- E O F --- 2008-11-22 07:02:47

Kelvin in Oregon View Member Profile	Dec 6 2008, 01:08 AM Post #11
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	Also, I turned my AVG Resident Shield back on, because I didn't want to leave myself exposed overnight. Let me know if I need to turn it back off before the next step. I left Windows Defender Real-time protection turned off, because you said at one point that I should leave it off until everything was complete. Thanks again for your assistance!

farbar View Member Profile	Dec 6 2008, 07:15 AM Post #12
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	QUOTE Also, I turned my AVG Resident Shield back on, because I didn't want to leave myself exposed overnight. Let me know if I need to turn it back off before the next step. I left Windows Defender Real-time protection turned off, because you said at one point that I should leave it off until everything was complete. Thanks again for your assistance! Yes both the actions are required. The AVG Resident Schild should be turned off again after a temporary disabling but the Windows defender should be kept disabled until the log is clean. And you are welcome! ++++++++++++++++++++++++++++++++ Yes ComboFix removed most of the remaining malware. You have removed a couple of legit entries with Hijackthis. HJT doesn't read 09 entries very well and listing them as (file missing) doesn't mean the file is missing. These entries are related to Network Diagnostic and are needed by connection problems. Open HijackThis, and click on "View the list of Backups". Place a check mark next to the following: O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Click Restore then click Yes. Reboot your computer, this is an important step. More information can be found here. Open notepad and copy/paste the text in the code box below into it: CODE http://www.bleepingcomputer.com/forums/index.php?showtopic=182460&hl=kelvin Collect::[4] C:\WINDOWS\System32\wigbiwnx.ini C:\WINDOWS\System32\efaipknj.ini Driver:: oroc Save this as CFScript.txt Referring to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Important Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file. The first time you run RSIT the malware didn't let it to download and run Hijackthis. Please delete your copy of RSIT from your desktop. Download a fresh copy, run it and post the log.txt. The info.txt is not needed. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kelvin in Oregon View Member Profile	Dec 6 2008, 01:49 PM Post #13
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	Farbar, I ran HijackThis and clicked on "View the list of Backups". The Configuration screen was displayed, saying "This is your ilst of items that were backed up...". The white area below there was empty. What should I do next? Kelvin

farbar View Member Profile	Dec 6 2008, 09:09 PM Post #14
Bleeping Curious Group: HJT Team Posts: 7,103 Joined: 8-December 07 From: The Netherlands Member No.: 175,240	Please perform this recovery registry fix instead of step# 1 and proceed with the second step: Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected. Copy and paste the text in code box into it. CODE Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}] "CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}" "MenuText"="@xpsp3res.dll,-20001" "Exec"="%windir%\\Network Diagnostic\\xpnetdiag.exe" Save the file to the desktop as regfix.reg Make sure the Save as type field says All files. Locate network.reg on the desktop and double-click on it and confirm. A window pops up asking if you are sure to add the file to the registry. Click Yes. You get another window popup saying that network.reg successfully added to the registry. Note: You have to turn off any registry protector software you have in order the changes to be taken place. -------------------- This is a voluntary free service. However, if you would like to donate click on

Kelvin in Oregon View Member Profile	Dec 7 2008, 12:24 AM Post #15
Member Group: Members Posts: 29 Joined: 27-November 08 Member No.: 261,378	OK. I did the recovery registry fix. The instructions said to save it as regfix.reg, but said to double-click on network.reg. I presumed this meant regfix.reg. That's what I did and got the popups you described. I then tried to go on with step 2. I created CFScript.txt just fine. I then dragged it and dropped it on the ComboFix.exe icon. It looked like it started out OK. I then got a Error box saying "You canot rename ComboFix as ComboFix. Please use another name, preferbaly made up of alphanumeric charcters." A blue DOS window then appeared with a title of '.' Nothing showed up in it. I then got an Update box saying "There's a newer version of ComboFix available. Would you like to update ComboFix?" Do I have some problem? Or should I just click OK on the Error box, and then either Yes or No on the Update box? Sorry to keep bothering you, but I want to make sure I do it correctly. Thanks as always! Kelvin

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 10:14 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides