Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked Browser, blocked HJT (and other tools) install


  • This topic is locked This topic is locked
2 replies to this topic

#1 Brian Hi

Brian Hi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:28 AM

Posted 19 December 2008 - 11:21 PM

The wife called me out of the shower this morning and said "I think I did something I shouldn't have" -- sure enough the computer was locked in a scanning loop on a strange website that kept popping 'you are infected' warnings -- but I didn't catch the URL before killing it. Since then, AV (e.g. Kaspersky) and related sites (e.g. bleepingcomputer.com) are blocked, and random browser hijacks occur. HiJackThis, when brought in via CD was blocked from installing until I renamed the installer. Posting this via backup computer.

Any help / suggestions greatly appreciated.

log.txt and info.txt embedded
OTScanIT.txt attached

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jackie at 2008-12-19 23:13:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 215 GB (71%) free of 305 GB
Total RAM: 2046 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:11 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OTScanIt2\OTScanIt2.exe
C:\WINDOWS\notepad.exe
F:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jackie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 2509 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1177819764\ee\AOLSoftware.exe [2007-05-25 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-08-09 1961984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe [2007-06-06 936960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
C:\PROGRA~1\GameSpot\GDM_TR~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\aol\1177819764\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1177819764\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AOL\Active Virus Shield\avp.exe"="C:\Program Files\AOL\Active Virus Shield\avp.exe:*:Enabled:Active Virus Shield"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\Third Day Games\Gospel Champions - Volume 1\Gospel.exe"="C:\Program Files\Third Day Games\Gospel Champions - Volume 1\Gospel.exe:*:Disabled:Gospel"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Disabled:Two Worlds"
"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Disabled:Two Worlds"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\World In Conflict - Closed MP Beta\wic.exe"="C:\Program Files\World In Conflict - Closed MP Beta\wic.exe:*:Disabled:World in Conflict"
"C:\Documents and Settings\Owner\Desktop\TryWoW.exe"="C:\Documents and Settings\Owner\Desktop\TryWoW.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Play.EXE
shell\install\command - D:\INSTALL\_SETUP.exe


======List of files/folders created in the last 1 months======

2008-12-19 23:13:09 ----D---- C:\rsit
2008-12-19 23:01:48 ----D---- C:\OTScanIt2
2008-12-19 22:55:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-19 22:39:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 22:39:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-19 22:30:52 ----D---- C:\Program Files\Trend Micro
2008-12-19 21:57:31 ----D---- C:\WINDOWS\CSC
2008-12-19 21:30:06 ----D---- C:\Program Files\Bazooka Scanner
2008-12-19 21:25:23 ----D---- C:\Program Files\Lavasoft
2008-12-19 21:25:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-19 08:13:19 ----D---- C:\WINDOWS\TEMP
2008-12-19 07:29:34 ----A---- C:\WINDOWS\system32\YSH2du2a.exe.a_a
2008-12-19 07:29:34 ----A---- C:\WINDOWS\system32\YSH2du2a.exe
2008-12-13 12:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 12:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 12:31:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 12:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 10:32:16 ----D---- C:\Program Files\iPod
2008-12-06 10:32:14 ----D---- C:\Program Files\iTunes
2008-12-06 10:32:14 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 03:25:25 ----D---- C:\Program Files\garmin
2008-11-28 17:42:47 ----D---- C:\Program Files\IbycusUSA2
2008-11-28 16:03:15 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN

======List of files/folders modified in the last 1 months======

2008-12-19 23:00:52 ----HD---- C:\WINDOWS\inf
2008-12-19 23:00:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 22:55:04 ----D---- C:\WINDOWS
2008-12-19 22:53:52 ----A---- C:\WINDOWS\win.ini
2008-12-19 22:53:52 ----A---- C:\WINDOWS\system.ini
2008-12-19 22:53:52 ----A---- C:\boot.ini
2008-12-19 22:39:16 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 22:39:13 ----RD---- C:\Program Files
2008-12-19 22:38:12 ----D---- C:\WINDOWS\system32
2008-12-19 21:48:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 21:25:38 ----SHD---- C:\WINDOWS\Installer
2008-12-19 21:25:38 ----HD---- C:\Config.Msi
2008-12-19 21:24:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-19 21:21:44 ----D---- C:\WINDOWS\Registration
2008-12-19 08:24:14 ----D---- C:\WINDOWS\Prefetch
2008-12-19 07:57:55 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-19 07:38:01 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-19 07:29:34 ----SD---- C:\WINDOWS\Tasks
2008-12-19 07:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-17 20:42:24 ----D---- C:\Program Files\EVEMon
2008-12-17 09:47:01 ----D---- C:\Program Files\Paint Shop Pro 6
2008-12-16 16:01:21 ----D---- C:\WINDOWS\Help
2008-12-14 17:07:40 ----D---- C:\Program Files\Internet Explorer
2008-12-13 12:34:24 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 12:34:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-13 12:34:13 ----D---- C:\WINDOWS\ie7updates
2008-12-13 12:34:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 18:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 09:55:49 ----D---- C:\Program Files\QuickTime
2008-12-06 10:32:16 ----D---- C:\Program Files\Common Files\Apple
2008-11-28 16:02:49 ----D---- C:\Garmin
2008-11-25 22:54:55 ----D---- C:\WINDOWS\system32\wbem
2008-11-25 22:54:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-23 23:30:50 ----D---- C:\WINDOWS\system32\DirectX
2008-11-21 06:54:23 ----D---- C:\My Documents

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-08-17 9856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-05 26824]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-08-17 278728]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-08-17 25416]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 168432]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2008-12-19 23:13:12

======Uninstall list======

-->"C:\Program Files\IbycusUSA2\uninstall.exe"
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
-->MsiExec.exe /I{00180409-78E1-11D2-B60F-006097C998E7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.05.06-->MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bazooka Scanner-->"C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
Blue's Treasure Hunt-->C:\WINDOWS\IsUninst.exe -f"c:\hegames\Blues Treasure Hunt\Uninst.isu" -c"c:\hegames\Blues Treasure Hunt\Uninst.dll
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CacheStats-->MsiExec.exe /I{8FE73E6F-2D9B-428B-BCB2-1217F56A5E87}
Camouflage-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Camouflage\Uninst.isu"
Canon MX310 series User Registration-->C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE
Canon MX310 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009
CapJaxMathFax (C:\Program Files\CapJaxMathFax\) #3-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CapJaxMathFax\ST6UNST.001"
CapJaxMathFax (C:\Program Files\CapJaxMathFax\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CapJaxMathFax\ST6UNST.000"
CapJaxMathFax-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\CapJaxMathFax\ST6UNST.LOG"
Clifford Learning Activities-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\Uninst.isu" -c"C:\Program Files\Scholastic's Clifford\Clifford Learning Activities\_UnInstall.dll"
Clifford Phonics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}\Setup.exe" -l0x9
Clifford Reading-->C:\WINDOWS\system32\Clifford Uninstall.exe C:\Program Files\Scholastic's Clifford\Clifford Reading\
ClueFinders 3rd Grade Adventures-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\ClueFinders 3rd Grade Adventures\Uninstall.xml"
ClueFinders Mystery Mansion Arcade-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\ClueFinders Mystery Mansion Arcade\Uninstall.xml"
Creative Multimedia Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9CF7568-ADBB-11D8-9966-00A0C9663221}\Setup.exe" -l0x9
Diskeeper 2008 Home-->MsiExec.exe /X{498ECD6B-AD3A-497F-869E-B65777614B1B}
Edmark MindTwister Math-->C:\WINDOWS\unvise32.exe C:\Program Files\Edmark\MindTwister Math\uninstal.log
Edu-Track Home School-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{334396FB-DF73-45A7-94FD-0C576FA87B32}
EVEMon-->C:\Program Files\EVEMon\uninstall.exe
EVE-ONLINE (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
EVEReprocessor-->MsiExec.exe /I{E69ADB4E-5A92-4946-B9B4-CE15CFB5174A}
Fallout2-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\BlackIsle\Fallout2\uninst.log
Garmin Communicator Plugin-->MsiExec.exe /X{620E4DBC-0B81-40DD-9F10-C159ECEAB360}
Garmin MapSource-->MsiExec.exe /X{D678209B-B921-4A30-8A41-70A4A29F22CD}
Garmin Trip and Waypoint Manager v4-->MsiExec.exe /X{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gospel Champions - Volume 1 (remove only)-->"C:\Program Files\Third Day Games\Gospel Champions - Volume 1\Uninstall.exe"
GSAK 7.1.2.30 (Final)-->"c:\gsak\unins000.exe"
GSAK 7.2.1.40 (Final)-->"c:\gsak\unins001.exe"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
High Flying Act - Interactive Storybook-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\High Flying Act - Interactive Storybook\Uninstall.xml"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hooked on Phonics Learn to Read-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hooked on Phonics Learning\Hooked on Phonics Learn to Read\DeIsL1.isu"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Indeo Uninstall.isu" -c"C:\WINDOWS\system32\SavedSystemFiles\indounin.dll"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
James Discovers Math-->C:\WINDOWS\uninst.exe -f"C:\Program Files\James Discovers Math\DeIsL2.isu"
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JumpStart 2nd Grade v1.0-->C:\WINDOWS\uninst.exe -fC:\KA\2G\DeIsL1.isu
JumpStart 3rd Grade v1.2-->C:\WINDOWS\IsUninst.exe -fC:\KA\3G\DeIsL1.isu
JumpStart Advanced Language Club-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSLangClubUn.exe
JumpStart Advanced Preschool-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSAPS.exe
JumpStart Advanced School Time-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSSchoolTimeUn.exe
JumpStart Around the World - Kindergarten-->C:\Program Files\Knowledge Adventure\JSATW\launchap.exe\..\unATWKG.exe
JumpStart Art for Fun-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtfunUn.exe
JumpStart First Grade v2.4-->C:\WINDOWS\uninst.exe -fC:\KA\FG\DeIsL1.isu
JumpStart Kindergarten 2001-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSKG2001\DeIsL1.isu"
JumpStart Kindergarten 98 v2.5-->C:\WINDOWS\IsUninst.exe -fC:\KA\KG98\DeIsL1.isu
JumpStart Parent Resource Center v1.0-->C:\WINDOWS\IsUninst.exe -fC:\KA\PRC\DeIsL1.isu
JumpStart Preschool v2.0-->C:\WINDOWS\IsUninst.exe -fC:\KA\PRSCHL99\DeIsL1.isu
JumpStart Reading for Kindergartners-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSKR\DeIsL1.isu
Lemmings Revolution-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Take 2\Lemmings Revolution\Lemmings Revolution.isu"
Magic School Bus - Dinosaurs-->C:\Program Files\Microsoft Kids\MSB Dino\System\MSBDUNST.EXE /L"C:\Program Files\Microsoft Kids\MSB Dino\System\MSB Dino.log"
Magic School Bus - Earth-->C:\Program Files\Microsoft Kids\MSB Earth\System\MSBEUNST.EXE /L"C:\Program Files\Microsoft Kids\MSB Earth\System\MSB Earth.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Memory Challenge-->"C:\Program Files\Critical Thinking Software\Memory Challenge\mc\UninstallerData\Uninstall Memory Challenge.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Photo Info-->MsiExec.exe /I{08823E70-05FD-4CC3-8019-ABE5B85FC8BE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mind Benders A1 & A2-->C:\PROGRA~1\MINDBE~1\UNWISE.EXE C:\PROGRA~1\MINDBE~1\INSTALL.LOG
Mirror Magic Deluxe-->C:\PROGRA~1\AOLGAM~1\MIRROR~1\UNWISE.EXE /U C:\PROGRA~1\AOLGAM~1\MIRROR~1\INSTALL.LOG
Mission: T.H.I.N.K.-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Ssmwincd\uninstal\DeIsL1.isu
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Move Networks Player for Internet Explorer-->"C:\Documents and Settings\Jackie\Application Data\Move Networks\ie_bin\unins000.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
My Trail Maps-->C:\Program Files\garmin\My Trails\uninstall.exe
MyPublisher-->C:\Program Files\MyPublisher\MyPublisher\MyPublisher.exe -uninstall
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nStant Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PCMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
Piano Wizard-->"C:\Program Files\Piano Wizard\unins000.exe"
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Reader Rabbit 1st Grade-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit 1st Grade\Uninstall.xml"
Reader Rabbit Kindergarten-->C:\Program Files\The Learning Company\Reader Rabbit Kindergarten\uninstal.exe
Reader Rabbit Learn To Read With Phonics-->C:\Program Files\The Learning Company\Reader Rabbit Learn To Read With Phonics\uninstal.exe
Reader Rabbit Math Ages 6-9-->C:\Program Files\The Learning Company\Reader Rabbit Math Ages 6-9\uninstal.exe
Reader Rabbit Preschool-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Preschool\Uninstall.xml"
Reader Rabbit's 1st Grade-->C:\WINDOWS\uninst.exe -fC:\TLCWIN\RRF\uninstal\DeIsL1.isu
Reader Rabbit's Kindergarten-->C:\WINDOWS\uninst.exe -fC:\TLCWIN\RRK\uninstal\DeIsL1.isu
Reader Rabbit's Math Ages 4-6-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\rrm46\Uninst\DeIsL1.isu
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Scholastic's Huggly Saves The Turtles-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
StarFlyers Royal Jewel Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\StarFlyers Royal Jewel Rescue\Uninstall.xml"
StartWrite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Startwrite\StartWrite50\Uninst.isu"
Station Launcher-->C:\Program Files\Sony\Station\Station Launcher\uninstall.exe
Sunrise XP 2.03b-->"C:\Program Files\Sunrise XP\uninst.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TatukGIS Free Coordinate Calculator 1.2.0-->"C:\Program Files\TatukGIS\Utilities\ttkCal\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TurboTax Basic 2007-->C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
Two Worlds-->C:\Program Files\InstallShield Installation Information\{D166F9A2-C6E5-4BB1-AD66-CD0F9953089F}\setup.exe -runfromtemp -l0x0009 -removeonly
Typing Instructor for Kids II-->C:\Program Files\Typing Instructor for Kids II\unwise.exe
UltraISO Premium V8.61-->"C:\Program Files\UltraISO\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verizon Broadband Toolbar-->C:\Program Files\vol_toolbar\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Video 9 Advanced Profile Codec-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Zoombinis Island Odyssey-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Zoombinis Island Odyssey\Uninstall.xml"
Zoombinis Logical Journey™-->C:\Program Files\The Learning Company\Zoombinis Logical Journey™\uninstall.exe
Zoombinis Mountain Rescue™-->C:\Program Files\The Learning Company\Zoombinis Mountain Rescue\uninstall.exe

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177903024031
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: E2020
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 28292
Source Name: Service Control Manager
Time Written: 20081028111454.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: E2020
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 28291
Source Name: Service Control Manager
Time Written: 20081028105753.000000-240
Event Type: information
User:

Computer Name: E2020
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 28290
Source Name: Service Control Manager
Time Written: 20081028105747.000000-240
Event Type: information
User:

Computer Name: E2020
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 28289
Source Name: Service Control Manager
Time Written: 20081028105747.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: E2020
Event Code: 26
Message: Application popup: System Error : Cannot read from drive D.

Record Number: 28288
Source Name: Application Popup
Time Written: 20081028105653.000000-240
Event Type: information
User:

Application event log

Computer Name: E2020
Event Code: 1000
Message: Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.

Record Number: 657
Source Name: Application Error
Time Written: 20071208070314.000000-300
Event Type: error
User:

Computer Name: E2020
Event Code: 1000
Message: Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.

Record Number: 656
Source Name: Application Error
Time Written: 20071208070308.000000-300
Event Type: error
User:

Computer Name: E2020
Event Code: 1000
Message: Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.

Record Number: 655
Source Name: Application Error
Time Written: 20071208070308.000000-300
Event Type: error
User:

Computer Name: E2020
Event Code: 1000
Message: Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.

Record Number: 654
Source Name: Application Error
Time Written: 20071208070257.000000-300
Event Type: error
User:

Computer Name: E2020
Event Code: 1000
Message: Faulting application inkball.exe, version 1.0.2201.0, faulting module inkball.exe, version 1.0.2201.0, fault address 0x0000b53d.

Record Number: 653
Source Name: Application Error
Time Written: 20071208070212.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:28 AM

Posted 21 December 2008 - 09:27 AM

Hello! :thumbsup:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:28 AM

Posted 30 December 2008 - 10:51 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users