
Vundo Infection(?) - Red X for drive C



#1 PCANW


Posted 05 December 2008 - 02:33 AM

Hi Guys,

First time posting. I've been reading the forums and have been able to follow the general steps for most users on cleaning up a BADLY infected Win XP Home SP3 computer. I'm pretty sure I've removed most of the viruses and malware, but there are still symptoms of infections that I can't figure out how to remove. The specific symptoms I am seeing are a red 'X' where the C drive icon should be, and "Search..." as the default activation option on all the drives.

Most of the posts seem to be machine specific, so I would really appreciate some help in completely cleaning this machine. I would especially like to fix the drive icon and search problems. As I am a pretty technical person, I would also really like to learn whatever I can to be able to help myself clean up other machines too. Below are the posts for Hijack This and RSIT. Thanks in advance! - Jim

************* HIJACK THIS *******************
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-04 23:11:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (84%) free of 71 GB
Total RAM: 2039 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:28 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxtray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1228380037609
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5464 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-14 139264]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"BDAgent"=C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=C:\WINDOWS\system32\nview.dll [2003-08-19 852038]
"Eraser"=C:\Program Files\Eraser\eraser.exe [2007-12-22 916240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2008-12-04 23:11:24 ----D---- C:\rsit
2008-12-04 22:47:37 ----D---- C:\WINDOWS\LastGood
2008-12-04 22:47:37 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-04 22:47:37 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-04 14:09:48 ----A---- C:\ComboFix.txt
2008-12-04 14:02:37 ----A---- C:\WINDOWS\zip.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\VFIND.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\SWSC.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\SWREG.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\sed.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\grep.exe
2008-12-04 14:02:37 ----A---- C:\WINDOWS\fdsv.exe
2008-12-04 14:02:32 ----D---- C:\WINDOWS\ERDNT
2008-12-04 14:02:32 ----D---- C:\Qoobox
2008-12-04 13:02:06 ----D---- C:\VundoFix Backups
2008-12-04 13:02:06 ----A---- C:\VundoFix.txt
2008-12-04 12:29:08 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-12-04 11:51:45 ----D---- C:\WINDOWS\ERUNT
2008-12-04 11:48:38 ----D---- C:\SDFix
2008-12-04 11:35:45 ----D---- C:\Program Files\Trend Micro
2008-12-04 09:37:37 ----HD---- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-04 09:37:33 ----D---- C:\Program Files\Eraser
2008-12-04 01:13:09 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-12-04 01:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-04 01:04:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-04 01:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-04 01:03:19 ----D---- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
2008-12-04 01:02:31 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-12-04 01:02:31 ----D---- C:\Program Files\Windows Desktop Search
2008-12-04 01:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-12-04 01:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-12-04 00:59:39 ----D---- C:\WINDOWS\system32\DRM
2008-12-04 00:59:30 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-04 00:59:29 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-04 00:59:05 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-04 00:58:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-04 00:58:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-04 00:57:32 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-04 00:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-04 00:35:22 ----D---- C:\WINDOWS\ie7updates
2008-12-04 00:34:56 ----D---- C:\WINDOWS\WBEM
2008-12-04 00:33:57 ----HDC---- C:\WINDOWS\ie7
2008-12-04 00:33:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-04 00:33:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-04 00:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-04 00:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-04 00:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-04 00:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-04 00:26:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-04 00:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-04 00:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-04 00:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-03 23:41:50 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-12-03 23:32:24 ----D---- C:\WINDOWS\Prefetch
2008-12-03 23:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-12-03 23:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-03 23:30:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-03 23:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-03 23:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-03 23:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-03 23:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-03 23:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-03 23:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-03 23:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-03 23:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-03 23:26:53 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-03 23:26:52 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-03 23:26:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-03 23:26:50 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-03 23:26:49 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-03 23:26:49 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-03 23:26:48 ----D---- C:\WINDOWS\system32\scripting
2008-12-03 23:26:47 ----D---- C:\WINDOWS\system32\en
2008-12-03 23:26:47 ----D---- C:\WINDOWS\l2schemas
2008-12-03 23:24:20 ----D---- C:\WINDOWS\network diagnostic
2008-12-03 23:23:27 ----A---- C:\WINDOWS\005846_.tmp
2008-12-03 23:11:50 ----D---- C:\Documents and Settings\Owner\Application Data\Bitdefender
2008-12-03 23:11:12 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-12-03 23:11:10 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\Symantec
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\Sonic
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\SampleView
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\interMute
2008-12-03 23:11:10 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2008-12-03 22:59:16 ----D---- C:\Download
2008-12-03 22:56:08 ----N---- C:\WINDOWS\system32\RtlCPAPI.dll
2008-12-03 22:56:08 ----N---- C:\WINDOWS\system32\ChCfg.exe
2008-12-03 22:56:08 ----N---- C:\WINDOWS\soundman.exe
2008-12-03 22:56:06 ----N---- C:\WINDOWS\system32\RTLCPL.exe
2008-12-03 22:56:06 ----N---- C:\WINDOWS\alcupd.exe
2008-12-03 22:56:06 ----N---- C:\WINDOWS\alcrmv.exe
2008-12-03 18:03:56 ----D---- C:\Program Files\Softwin
2008-12-03 18:03:56 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-12-03 18:03:31 ----D---- C:\Program Files\Common Files\Softwin
2008-12-03 09:16:25 ----D---- C:\Program Files\VS Revo Group
2008-12-03 08:43:02 ----D---- C:\Program Files\CCleaner
2008-12-03 00:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-03 00:19:15 ----D---- C:\Program Files\SUPERAntiSpyware

======List of files/folders modified in the last 1 months======

2008-12-04 22:47:38 ----D---- C:\WINDOWS\Temp
2008-12-04 22:47:38 ----D---- C:\WINDOWS\system32
2008-12-04 22:47:37 ----HD---- C:\WINDOWS\inf
2008-12-04 22:47:37 ----D---- C:\WINDOWS
2008-12-04 14:10:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 14:09:54 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 14:08:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-04 14:06:57 ----A---- C:\WINDOWS\system.ini
2008-12-04 14:05:30 ----D---- C:\WINDOWS\system32\config
2008-12-04 14:04:32 ----D---- C:\Program Files\Common Files
2008-12-04 14:04:31 ----D---- C:\WINDOWS\AppPatch
2008-12-04 14:03:42 ----D---- C:\temp
2008-12-04 14:02:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 13:57:16 ----ASH---- C:\boot.ini
2008-12-04 13:56:20 ----SHD---- C:\System Volume Information
2008-12-04 13:56:20 ----D---- C:\WINDOWS\system32\Restore
2008-12-04 12:11:39 ----D---- C:\WINDOWS\Debug
2008-12-04 11:53:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 11:35:45 ----D---- C:\Program Files
2008-12-04 11:08:35 ----D---- C:\Documents and Settings
2008-12-04 09:37:37 ----SHD---- C:\WINDOWS\Installer
2008-12-04 09:37:36 ----HD---- C:\Config.Msi
2008-12-04 09:36:12 ----D---- C:\WINDOWS\WinSxS
2008-12-04 09:36:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 01:12:02 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-04 01:03:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-04 01:03:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-04 01:02:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 01:02:33 ----D---- C:\WINDOWS\system32\en-US
2008-12-04 01:02:31 ----D---- C:\WINDOWS\system32\wbem
2008-12-04 01:02:30 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-04 01:02:16 ----RSD---- C:\WINDOWS\assembly
2008-12-04 01:01:26 ----A---- C:\WINDOWS\win.ini
2008-12-04 01:00:54 ----RSD---- C:\WINDOWS\Fonts
2008-12-04 00:59:04 ----D---- C:\Program Files\Windows Media Player
2008-12-04 00:59:02 ----D---- C:\WINDOWS\Help
2008-12-04 00:57:36 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-04 00:40:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-04 00:37:13 ----D---- C:\Program Files\Internet Explorer
2008-12-04 00:34:51 ----D---- C:\WINDOWS\Media
2008-12-03 23:31:53 ----D---- C:\WINDOWS\system32\Setup
2008-12-03 23:31:12 ----D---- C:\WINDOWS\security
2008-12-03 23:29:06 ----D---- C:\Program Files\Messenger
2008-12-03 23:26:54 ----D---- C:\WINDOWS\ime
2008-12-03 23:26:49 ----D---- C:\WINDOWS\system32\usmt
2008-12-03 23:26:46 ----D---- C:\WINDOWS\system32\bits
2008-12-03 23:26:46 ----D---- C:\WINDOWS\peernet
2008-12-03 23:26:46 ----D---- C:\Program Files\Movie Maker
2008-12-03 23:25:39 ----D---- C:\WINDOWS\system32\npp
2008-12-03 23:25:38 ----D---- C:\WINDOWS\msagent
2008-12-03 23:25:37 ----D---- C:\WINDOWS\srchasst
2008-12-03 23:25:36 ----D---- C:\Program Files\NetMeeting
2008-12-03 23:25:35 ----D---- C:\WINDOWS\system32\Com
2008-12-03 23:25:33 ----D---- C:\Program Files\Windows NT
2008-12-03 23:25:33 ----D---- C:\Program Files\Outlook Express
2008-12-03 23:25:31 ----D---- C:\Program Files\Common Files\System
2008-12-03 23:25:17 ----D---- C:\WINDOWS\system32\oobe
2008-12-03 23:25:16 ----D---- C:\WINDOWS\system
2008-12-03 23:23:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-03 23:20:30 ----D---- C:\WINDOWS\EHome
2008-12-03 22:56:06 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-03 20:26:28 ----D---- C:\WINDOWS\CREATOR
2008-12-03 17:39:15 ----A---- C:\WINDOWS\orun32.ini
2008-12-03 17:38:50 ----D---- C:\Program Files\HP
2008-12-03 17:23:17 ----D---- C:\Program Files\Common Files\Real
2008-12-03 17:14:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-03 16:40:49 ----SD---- C:\WINDOWS\Tasks
2008-12-03 16:01:20 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-03 15:09:00 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-12-03 15:05:51 ----A---- C:\WINDOWS\hplj3380.ini
2008-12-03 10:07:28 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-03 09:38:47 ----D---- C:\Program Files\Adobe
2008-12-03 09:32:52 ----D---- C:\WINDOWS\system32\Macromed
2008-12-03 09:21:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 09:19:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-03 09:01:40 ----D---- C:\WINDOWS\pss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-07 43672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-03 10368]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-28 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe [2007-01-19 81920]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe [2008-12-04 278528]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-10-24 462848]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2005-10-22 69632]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

****************** RSIT info file **********************
info.txt logfile of random's system information tool 1.04 2008-12-04 23:11:32

======Uninstall list======

-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
BitDefender Definitions Update-->MsiExec.exe /X{399C46EC-D5F5-4735-A466-302D8CB18CA5}
BitDefender Free Edition v10-->MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE /s C:\PROGRA~1\HPINST~1\INSTALL.LOG
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O20 - Winlogon Notify: byxxxvs - byxxxvs.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O20 - Winlogon Notify: jnqhlgui - jnqhlgui.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

======Security center information======

AV: Bitdefender Antivirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

THANKS!!



#2 PCANW

PCANW
  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:14 PM

Posted 07 December 2008 - 03:23 AM

Well, I figured this out with more online research, so no need to spend time with me on resolving this. The solution for undoing the changes to the Windows XP environment is posted below in this one place for someone else's benefit.

Basically, there were a few lines of registry code that should be removed in order to get the red 'X' to disappear. To remove the red 'X', check out this post (scroll to the end of the posting)

http://forum.aumha.org/viewtopic.php?t=315...6c3492cd78ffe4f.

In case the above URL goes away, here's the code. Paste the entire code below into Notepad and save with a .REG extension. Then double-click and import the code into the registry.

Thanks to Bill Caster, Microsoft MVP for these lines.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]

To reset the behavior of the drive icons in My Computer back to OPEN, type the following at a Windows command prompt:
"regsvr32 /i shell32" (without the quotes). Wait until you get the message that says it's complete, and then reboot the computer.

Guess that's all. Thanks!

Edited by PCANW, 07 December 2008 - 03:29 AM.
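
Added example, not part of the original post: a Windows command-prompt batch file that shows what is currently under the DriveIcons key, exports it to a .reg backup, and only then deletes it, so the change made by the .REG file above can be reviewed first and reversed by re-importing the backup. The backup file name and location are assumptions chosen for illustration; run it from an administrator account.

```batch
@echo off
rem Added example: review, back up, then remove the DriveIcons key named in the post.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons"
rem Assumed backup location (hypothetical name, change as needed)
set "BACKUP=%USERPROFILE%\Desktop\DriveIcons-backup.reg"

rem 1. Stop if the key is not there, so nothing is deleted blindly
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto nokey

rem 2. Show every subkey and value, e.g. a per-drive DefaultIcon entry
echo Current contents of %KEY%:
reg query "%KEY%" /s

rem 3. Export a copy; re-importing this file restores the key
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 goto exportfailed

rem 4. Delete the key and all subkeys, then confirm it is gone
reg delete "%KEY%" /f
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto removed
echo The key is still present; check permissions and try again.
exit /b 1

:removed
echo Key removed. Backup saved to "%BACKUP%".
exit /b 0

:exportfailed
echo Export failed; the key was left untouched.
exit /b 1

:nokey
echo %KEY% does not exist; nothing to remove.
exit /b 0
```

Keep the exported .reg file until the drive icons have been checked after a reboot.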


#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:14 PM

Posted 07 December 2008 - 09:14 PM

If one is not experienced with working in the registry, DO NOT ATTEMPT IT.
Improper changes to the registry could render your computer inoperable.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



