Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Im not sure what im infected with, im so sorry. cant run malware programs


  • This topic is locked This topic is locked
42 replies to this topic

#1 lindaga35

lindaga35

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 08 May 2009 - 06:34 PM

DDS (Ver_09-03-16.01) - FAT32x86
Run by Tom Jones at 19:19:24.71 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.128.26 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tom Jones\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\SHDOCVW.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dPolicies-explorer: EditLevel = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\SHDOCVW.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = :\WINDOW

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tomjon~1\applic~1\mozilla\firefox\profiles\ppx0vpow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NP32DSW.DLL
FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nphppi.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nplau32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPQTW32.DLL
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npstm32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-08 02:32 <DIR> --d----- c:\docume~1\tomjon~1\applic~1\Avira
2009-05-08 02:14 <DIR> --d----- c:\program files\Avira
2009-05-08 02:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-07 23:14 <DIR> --dsh--- C:\FOUND.001
2009-05-07 01:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-06 02:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-03 23:31 <DIR> --d----- c:\program files\MSECache
2009-04-30 02:51 <DIR> --d----- c:\program files\Avira GmbH
2009-04-29 07:17 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-24 08:11 <DIR> --d----- c:\documents and settings\tom jones\tomjones
2009-04-24 00:47 <DIR> --d----- C:\My Music
2009-04-24 00:44 <DIR> --d----- c:\program files\common files\xing shared
2009-04-24 00:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-24 00:15 <DIR> --d----- c:\program files\filehippo.com
2009-04-17 22:33 <DIR> --d----- c:\documents and settings\tom jones\lindamull
2009-04-17 17:56 <DIR> --d----- c:\docume~1\tomjon~1\applic~1\OpenOffice.org
2009-04-17 17:16 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-04-17 15:01 <DIR> --d----- c:\program files\Defraggler
2009-04-17 15:01 <DIR> --d----- c:\program files\CCleaner
2009-04-14 17:31 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-14 17:31 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-14 17:31 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-14 17:31 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-14 17:31 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 17:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 17:30 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 17:30 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-14 17:30 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 17:23 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 17:23 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 17:23 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-13 12:11 <DIR> --dsh--- C:\FOUND.000

==================== Find3M ====================

2009-05-08 06:10 1,852 a------- c:\windows\system32\d3d9caps.dat
2009-04-24 00:43 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-24 00:43 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-24 00:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-23 22:20 124,184 a------- c:\docume~1\tomjon~1\applic~1\GDIPFONTCACHEV1.DAT
2009-03-21 11:51 97,968 a------- c:\windows\Publix Preschool Pals Uninstaller.exe
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 19:54 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-28 00:55 105,984 -------- c:\windows\system32\dllcache\iecompat.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
1999-10-11 14:36 266 ---sh--- c:\program files\desktop.ini
1999-10-11 14:36 11,079 ----h--- c:\program files\folder.htt
2008-11-02 09:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat

============= FINISH: 19:21:11.52 ===============

BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:41 AM

Posted 09 May 2009 - 09:41 AM

Hello lindaga35 :thumbup2: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.





Please perform the following:



Do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please post both both logs fromRSIT as well as the one from Kaspersky.


I also need to get a brief description of the problems you are having which brought you here. This can help expedite the cleaning process.


Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 09 May 2009 - 11:29 PM

first ive tried to open and run malware bytes and it wouldnt open. then my passwords were getting changed. (i know i changed a couple.) but the ones that got changed i dont remember doing.

then i tried to run kaspersky scanner and it wouldnt work at all.

its saying im using' Doctor Web Anti-Virus *On-access scanning enabled"

BUT IM NOT, i have no idea where this came from. i tried to search for it but no luck.

im so sorry,
Linda

Edited by lindaga35, 10 May 2009 - 06:26 AM.


#4 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 09 May 2009 - 11:39 PM

info.txt logfile of random's system information tool 1.06 2009-05-10 00:35:30

======Uninstall list======

-->"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dfx Tools-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3dfx\3dfx Tools\Uninst.isu" -c"C:\Program Files\3dfx\3dfx Tools\Cleanup.dll"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\SYSTEM32\MACROMED\FLASH\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira RootKit Detection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}\setup.exe" -l0x9
Belarc Advisor 7.2-->"C:\PROGRA~1\BELARC\ADVISOR\Uninstall.exe" "C:\PROGRA~1\BELARC\ADVISOR\INSTALL.LOG"
Bookshelf 2000-->"C:\Program Files\Microsoft Reference\Bookshelf 2000\bsuninst.exe" /uninstall
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Creative PCI Audio Drivers-->C:\SBPCI\sbsetup.exe -u
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DriverGuide Toolkit-->C:\Program Files\DriverGuide Toolkit\uninstall.exe
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Gateway Drivers and Applications Recovery-->C:\PROGRA~1\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Multi-function Keyboard-->C:\WINDOWS\gwhotkey.exe -U
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Photos Screensaver-->MsiExec.exe /X{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Lexmark 3600-4600 Series-->C:\Program Files\Lexmark 3600-4600 Series\Install\x86\Uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Easy Assist v2-->MsiExec.exe /I{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}
Microsoft Greetings-->C:\Program Files\Microsoft Home Publishing\Setup\mhpstp.exe /m
Microsoft IntelliPoint-->C:\PROGRA~1\MICROS~1\MOUSE\UNINSTAL.EXE
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 99-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 2.0-->C:\Program Files\Microsoft Picture It! Express\Setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 4.5-->C:\Program Files\MSWorks\Setup45\setup.exe
Microsoft Works Setup Launcher-->C:\Program Files\Microsoft Works Suite 99\Setup\Launcher.exe D:\
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Netscape Communicator 4.06-->C:\WINDOWS\cd32406.exe
Palm Desktop by ACCESS-->MsiExec.exe /X{95C42225-F0E2-4480-AD65-560D854F252E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Publix Preschool Pals-->C:\WINDOWS\Publix Preschool Pals Uninstaller.exe
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components-->C:\WINDOWS\CDAC13BA.EXE /uninstall
SBPCI DOS Drivers-->C:\SBPCI\sbdosins.exe -r
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Siemens Subscriber Networks SpeedStream DSL-->C:\Program Files\Siemens Subscriber Networks\SpeedStream DSL\setup.exe -uninstall
SOHOware SFA110-->C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\7\INTEL 32\IDRIVER.EXE /M{4BA3BD35-C76B-46D4-9AD5-390B74E33EFC}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RUNTIME\0701\INTEL32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wink-->"C:\Program Files\Wink\uninstall.exe"
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: AntiVir Desktop
AV: Doctor Web Anti-Virus

======System event log======

Computer Name: LINDAMULL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000A01031573. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 33720
Source Name: Dhcp
Time Written: 20090430210837.000000-240
Event Type: warning
User:

Computer Name: LINDAMULL
Event Code: 1002
Message: The IP address lease 192.168.254.1 for the Network Card with network address 000A01031573 has been
denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

Record Number: 33715
Source Name: Dhcp
Time Written: 20090430203418.000000-240
Event Type: error
User:

Computer Name: LINDAMULL
Event Code: 7022
Message: The Avira AntiVir Guard service hung on starting.

Record Number: 33701
Source Name: Service Control Manager
Time Written: 20090430202830.000000-240
Event Type: error
User:

Computer Name: LINDAMULL
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Record Number: 33697
Source Name: Service Control Manager
Time Written: 20090430201546.000000-240
Event Type: error
User:

Computer Name: LINDAMULL
Event Code: 18
Message: TIMEOUT<Explorer.EXE> C:\...-Malware\mbamext.dll

Record Number: 33696
Source Name: avgntflt
Time Written: 20090430201455.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: LINDAMULL
Event Code: 20
Message:
Record Number: 2990
Source Name: Google Update
Time Written: 20090303231358.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LINDAMULL
Event Code: 20
Message:
Record Number: 2989
Source Name: Google Update
Time Written: 20090303221402.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LINDAMULL
Event Code: 20
Message:
Record Number: 2988
Source Name: Google Update
Time Written: 20090303211359.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LINDAMULL
Event Code: 20
Message:
Record Number: 2973
Source Name: Google Update
Time Written: 20090303144032.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LINDAMULL
Event Code: 20
Message:
Record Number: 2972
Source Name: Google Update
Time Written: 20090303134034.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\system32;%SYSTEMROOT%;%SYSTEMROOT%\system32\WBEM;C:\Program Files\Support Tools\
"windir"=C:\WINDOWS
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=C:\windows\TEMP
"TMP"=c:\windows\TEMP
"BLASTER"=A220 I7 D1 H7 P330 T6
"BLASTXX"=AXXX IXX DX HX PXXX T6
"PROMPT"=$p$g
"winbootdir"=C:\WINDOWS
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Tom Jones at 2009-05-10 00:34:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (27%) free of 13 GB
Total RAM: 128 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:13, on 5/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tom Jones\Desktop\RSIT.exe
C:\Program Files\trend micro\Tom Jones.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe

--
End of file - 5095 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-24 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-24 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-24 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxamon]
C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe [2008-03-20 16040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-24 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\Hotsync.exe [2008-01-03 1392640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\System32\lxdxcoms.exe"="C:\WINDOWS\System32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server"
"C:\Program Files\Lexmark 3600-4600 Series\lxdxMON.EXE"="C:\Program Files\Lexmark 3600-4600 Series\lxdxMON.EXE:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\lxdxpswx.exe"="C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\lxdxjswx.exe"="C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\lxdxjswx.exe:*:Disabled:Job Status Window Interface"
"C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\LXDXtime.exe"="C:\WINDOWS\System32\SPOOL\drivers\w32x86\3\LXDXtime.exe:*:Disabled:Lexmark Connect Time Executable"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDXwbgw.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDXwbgw.exe:*:Disabled:Lexmark Web Gateway"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-05-10 00:34:16 ----D---- C:\rsit
2009-05-09 12:43:18 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-09 12:43:10 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-05-09 12:43:09 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-05-09 12:43:08 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-05-09 12:43:07 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-05-09 12:43:03 ----N---- C:\WINDOWS\system32\px.dll
2009-05-09 12:42:21 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-05-09 12:37:28 ----D---- C:\Documents and Settings\Tom Jones\Application Data\Google
2009-05-09 12:28:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-08 20:02:48 ----D---- C:\Program Files\Belarc
2009-05-08 02:32:32 ----D---- C:\Documents and Settings\Tom Jones\Application Data\Avira
2009-05-08 02:14:37 ----D---- C:\Program Files\Avira
2009-05-08 02:14:37 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-07 23:14:26 ----SHD---- C:\FOUND.001
2009-05-07 01:43:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-06 02:22:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-05 04:50:13 ----A---- C:\WINDOWS\SchedLog.Txt
2009-05-03 23:31:48 ----D---- C:\Program Files\MSECache
2009-04-30 02:51:17 ----D---- C:\Program Files\Avira GmbH
2009-04-24 00:47:13 ----D---- C:\My Music
2009-04-24 00:44:32 ----D---- C:\Program Files\Common Files\xing shared
2009-04-24 00:43:22 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-24 00:34:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-24 00:34:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-24 00:34:34 ----A---- C:\WINDOWS\system32\java.exe
2009-04-24 00:32:59 ----D---- C:\Program Files\Java
2009-04-24 00:15:07 ----D---- C:\Program Files\filehippo.com
2009-04-17 17:56:54 ----D---- C:\Documents and Settings\Tom Jones\Application Data\OpenOffice.org
2009-04-17 17:16:34 ----D---- C:\Program Files\OpenOffice.org 3
2009-04-17 15:01:56 ----D---- C:\Program Files\Defraggler
2009-04-17 15:01:09 ----D---- C:\Program Files\CCleaner
2009-04-14 18:49:16 ----HD---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-14 18:48:51 ----HD---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-14 18:48:24 ----HD---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-14 18:47:06 ----HD---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-14 18:46:21 ----HD---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-14 18:45:29 ----HD---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-14 17:23:24 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-13 12:11:58 ----SHD---- C:\FOUND.000
2009-04-11 14:23:32 ----D---- C:\Program Files\Adobe
2009-04-11 14:04:00 ----D---- C:\Program Files\NOS

======List of files/folders modified in the last 1 months======

2009-04-29 05:16:02 ----ASH---- C:\boot.ini
2009-04-29 05:16:00 ----A---- C:\WINDOWS\win.ini
2009-04-29 05:15:58 ----A---- C:\WINDOWS\system.ini
2009-04-24 00:44:04 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-24 00:43:24 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-24 00:43:16 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-04-24 00:43:14 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-24 00:43:14 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-04-24 00:33:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-16 11:54:10 ----A---- C:\additdiag.txt
2009-04-14 19:10:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-14 11:51:54 ----A---- C:\WINDOWS\wizards.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 3dfxvs;3dfxvs; C:\WINDOWS\System32\DRIVERS\3dfxvsm.sys [2001-08-17 148352]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH913D;913D Camera; C:\WINDOWS\System32\Drivers\Capt913D.sys [2006-12-21 29522]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-04-17 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-02-12 432897]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-24 152984]
R2 lxdx_device;lxdx_device; C:\WINDOWS\system32\lxdxcoms.exe [2008-02-27 594600]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-02-27 98984]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-09 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#5 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 10 May 2009 - 06:01 AM

I tried again to run the kasperty scanner, but it stopped at:

wmplayer.chm c\:WINDOWSHELP


I let i run overnight and it didnt get past 13%.

now what should i do?

im sorry it wouldnt work again.

thanks for your help.

Linda

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:41 AM

Posted 10 May 2009 - 08:27 AM

It's OK, there's no need to force the issue. The RSIT log will help.

Have you used Dr Web sometimes in the past? There may be some remnants left somewhere on the machine if you have.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:41 AM

Posted 10 May 2009 - 08:37 PM

I also need for you to do the following if you can:


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image

  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#8 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 10 May 2009 - 10:22 PM

i will do that tomorrow, im on a friends laptop right now.
since my computer was acting up she let me use her's.

Linda

#9 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 11 May 2009 - 09:00 PM

ive been running scan's on the "new" laptop. malware bytes found 3 trojens.

should i stop with the desktop for right now and work on this?

a friend gave me her old laptop, so im trying to clean it up.

thanks,
Linda

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:41 AM

Posted 12 May 2009 - 08:09 AM

ive been running scan's on the "new" laptop. malware bytes found 3 trojens.

should i stop with the desktop for right now and work on this?

a friend gave me her old laptop, so im trying to clean it up.

thanks,
Linda



Which one do you prefer to clean up. :thumbup2: If it is the laptop then I will need the RSIT and Kaspersky logs along with the one from MBAM.

If not then I will still need the info I asked for on the desktop. Either one is OK by me.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 12 May 2009 - 05:53 PM

the laptop right now for sure. i have it hooked up to my moniter because my friend dropped it and the screen is busted.

does that matter?

Linda

#12 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 12 May 2009 - 05:59 PM

this is from the new laptop:

Logfile of random's system information tool 1.06 (written by random/random)
Run by DAN at 2009-05-12 18:56:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 21 GB (56%) free of 38 GB
Total RAM: 703 MB (36% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-10 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-20 2403392]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-10-07 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-07 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-10-30 88363]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2004-04-02 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-26 335872]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-03-22 63864]
"lxdxamon"=C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe [2008-03-20 16040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-03-23 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe [2003-05-18 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"AOL ACS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MRI_DISABLED

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-04-02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\lxdxcoms.exe"="C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 3600-4600 Series\frun.exe"="C:\Program Files\Lexmark 3600-4600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-05-12 18:56:49 ----D---- C:\Program Files\trend micro
2009-05-12 18:56:46 ----D---- C:\rsit
2009-05-12 07:06:59 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-05-12 07:06:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-05-11 21:29:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-11 21:29:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-11 21:29:32 ----A---- C:\WINDOWS\system32\java.exe
2009-05-11 21:29:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-11 21:18:32 ----D---- C:\Program Files\filehippo.com
2009-05-11 13:41:18 ----HDC---- C:\WINDOWS\ie8
2009-05-11 13:02:01 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-11 12:40:23 ----D---- C:\Program Files\NOS
2009-05-11 12:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-05-11 11:04:15 ----D---- C:\Documents and Settings\DAN\Application Data\Mozilla
2009-05-11 11:03:58 ----D---- C:\Program Files\Mozilla Firefox
2009-05-11 05:21:10 ----D---- C:\Program Files\Defraggler
2009-05-11 00:39:12 ----D---- C:\Documents and Settings\DAN\Application Data\Malwarebytes
2009-05-11 00:39:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-11 00:39:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-11 00:37:34 ----D---- C:\Program Files\CCleaner
2009-05-10 23:00:20 ----D---- C:\WINDOWS\ie8updates
2009-05-10 22:53:01 ----HD---- C:\WINDOWS\msdownld.tmp
2009-05-10 22:24:51 ----D---- C:\Documents and Settings\DAN\Application Data\Lexmark Productivity Studio
2009-05-10 22:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-10 22:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-10 22:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-10 22:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-10 22:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-10 22:18:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-05-10 22:17:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-10 22:16:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-10 22:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-10 22:11:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-10 22:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-10 22:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-10 22:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-10 22:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-05-10 22:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-10 22:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-10 22:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-10 22:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-10 22:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-10 22:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-05-10 22:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-10 22:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-10 22:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-10 22:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-10 22:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-10 22:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-10 22:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-05-10 22:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-10 21:44:07 ----D---- C:\logs
2009-05-10 21:43:19 ----A---- C:\WINDOWS\system32\lxdxvs.dll
2009-05-10 21:43:03 ----A---- C:\WINDOWS\system32\lxdxcoin.dll
2009-05-10 21:41:36 ----A---- C:\WINDOWS\system32\lxdxdrs.dll
2009-05-10 21:41:36 ----A---- C:\WINDOWS\system32\lxdxcaps.dll
2009-05-10 21:41:35 ----A---- C:\WINDOWS\system32\lxdxcnv4.dll
2009-05-10 21:39:15 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-05-10 21:35:22 ----D---- C:\Program Files\Lexmark Toolbar
2009-05-10 21:35:00 ----A---- C:\WINDOWS\system32\lxdxrwrd.ini
2009-05-10 21:34:46 ----A---- C:\WINDOWS\system32\lxdxwupd.exe
2009-05-10 21:34:46 ----A---- C:\WINDOWS\system32\lxdxwupd.dll
2009-05-10 21:34:17 ----A---- C:\WINDOWS\system32\LXDXinst.dll
2009-05-10 21:34:16 ----A---- C:\WINDOWS\system32\LXDXhcp.dll
2009-05-10 21:34:14 ----A---- C:\WINDOWS\system32\lxdxinpa.dll
2009-05-10 21:34:14 ----A---- C:\WINDOWS\system32\lxdxiesc.dll
2009-05-10 21:34:13 ----A---- C:\WINDOWS\system32\lxdxutil.dll
2009-05-10 21:34:12 ----A---- C:\WINDOWS\system32\lxdxusb1.dll
2009-05-10 21:34:11 ----A---- C:\WINDOWS\system32\lxdxserv.dll
2009-05-10 21:34:10 ----A---- C:\WINDOWS\system32\lxdxprox.dll
2009-05-10 21:34:09 ----A---- C:\WINDOWS\system32\lxdxpmui.dll
2009-05-10 21:34:09 ----A---- C:\WINDOWS\system32\lxdxlmpm.dll
2009-05-10 21:34:08 ----A---- C:\WINDOWS\system32\lxdxjswr.dll
2009-05-10 21:34:07 ----A---- C:\WINDOWS\system32\lxdxinsr.dll
2009-05-10 21:34:07 ----A---- C:\WINDOWS\system32\lxdxinsb.dll
2009-05-10 21:34:07 ----A---- C:\WINDOWS\system32\lxdxins.dll
2009-05-10 21:34:06 ----A---- C:\WINDOWS\system32\lxdxih.exe
2009-05-10 21:34:05 ----A---- C:\WINDOWS\system32\lxdxhbn3.dll
2009-05-10 21:34:04 ----A---- C:\WINDOWS\system32\lxdxgrd.dll
2009-05-10 21:34:04 ----A---- C:\WINDOWS\system32\lxdxgf.dll
2009-05-10 21:34:03 ----A---- C:\WINDOWS\system32\lxdxcub.dll
2009-05-10 21:34:02 ----A---- C:\WINDOWS\system32\lxdxcur.dll
2009-05-10 21:34:02 ----A---- C:\WINDOWS\system32\lxdxcu.dll
2009-05-10 21:34:00 ----A---- C:\WINDOWS\system32\lxdxcoms.exe
2009-05-10 21:33:57 ----A---- C:\WINDOWS\system32\lxdxcomm.dll
2009-05-10 21:33:55 ----A---- C:\WINDOWS\system32\lxdxcomc.dll
2009-05-10 21:33:54 ----A---- C:\WINDOWS\system32\lxdxcfg.exe
2009-05-10 21:33:52 ----A---- C:\WINDOWS\system32\LXDXcfg.dll
2009-05-10 21:33:40 ----D---- C:\Program Files\Lexmark 3600-4600 Series
2009-05-10 21:05:30 ----A---- C:\WINDOWS\intuprof.ini
2009-05-10 20:34:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-05-10 20:34:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923845$
2009-05-10 20:33:00 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-10 20:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2009-05-10 20:27:01 ----HD---- C:\Config.Msi
2009-05-10 20:26:02 ----D---- C:\Program Files\Microsoft Windows OneCare Live

======List of files/folders modified in the last 1 months======

2009-05-12 18:56:49 ----RD---- C:\Program Files
2009-05-12 18:55:09 ----D---- C:\WINDOWS
2009-05-12 17:22:34 ----D---- C:\WINDOWS\Temp
2009-05-12 16:17:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-12 15:58:39 ----D---- C:\WINDOWS\system32
2009-05-12 15:58:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-12 07:06:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-12 07:06:41 ----HD---- C:\WINDOWS\inf
2009-05-11 23:17:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-11 23:13:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-11 22:10:33 ----D---- C:\WINDOWS\Prefetch
2009-05-11 21:29:40 ----SHD---- C:\WINDOWS\Installer
2009-05-11 21:28:49 ----D---- C:\Program Files\Java
2009-05-11 20:48:41 ----D---- C:\Program Files\Google
2009-05-11 20:48:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-11 16:05:40 ----D---- C:\WINDOWS\Debug
2009-05-11 13:48:33 ----D---- C:\WINDOWS\system32\en-us
2009-05-11 13:48:32 ----D---- C:\WINDOWS\Media
2009-05-11 13:48:32 ----D---- C:\WINDOWS\Help
2009-05-11 13:48:32 ----D---- C:\Program Files\Internet Explorer
2009-05-11 13:32:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-11 13:02:51 ----D---- C:\Program Files\Adobe
2009-05-11 13:02:06 ----D---- C:\Documents and Settings\DAN\Application Data\Adobe
2009-05-11 13:02:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-11 13:02:01 ----D---- C:\Program Files\Common Files
2009-05-11 13:00:59 ----D---- C:\Program Files\Common Files\Adobe
2009-05-11 02:42:37 ----SD---- C:\Documents and Settings\DAN\Application Data\Microsoft
2009-05-11 00:42:21 ----D---- C:\WINDOWS\Minidump
2009-05-11 00:39:07 ----D---- C:\WINDOWS\system32\drivers
2009-05-10 23:53:47 ----D---- C:\WINDOWS\system32\Macromed
2009-05-10 23:09:59 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-10 22:59:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-10 22:21:19 ----D---- C:\WINDOWS\system32\wbem
2009-05-10 22:21:18 ----D---- C:\WINDOWS\AppPatch
2009-05-10 22:18:51 ----D---- C:\Program Files\Messenger
2009-05-10 22:11:50 ----D---- C:\WINDOWS\WinSxS
2009-05-10 21:22:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-10 21:11:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-10 21:11:03 ----D---- C:\Program Files\Quicken
2009-05-10 21:10:54 ----A---- C:\WINDOWS\QUICKEN.INI
2009-05-10 20:43:31 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-10 20:41:39 ----D---- C:\WINDOWS\system32\config
2009-05-10 20:38:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-10 20:34:54 ----D---- C:\WINDOWS\system32\bits
2009-05-10 20:12:19 ----D---- C:\Program Files\Lx_cats
2009-05-10 20:08:27 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-10 19:57:49 ----SD---- C:\WINDOWS\Tasks
2009-05-10 19:57:33 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-05-10 19:51:26 ----D---- C:\Documents and Settings\DAN\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-09-09 8552]
R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-10-30 1205324]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-10-07 94601]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-04-02 680960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\System32\DRIVERS\NWADIenum.sys [2007-09-06 194048]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2003-10-23 46976]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-01 612032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-12-04 286848]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 CE3;Xircom Ethernet Adapter 10/100 Service; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-17 27164]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-04 28672]
S3 NWUSBCDFIL;Novatel Wireless Installation CD; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [2007-08-16 13824]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\WINDOWS\System32\DRIVERS\nwusbmdm.sys [2007-10-12 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\WINDOWS\System32\DRIVERS\nwusbser.sys [2007-10-12 99200]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [2007-10-12 99200]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-12-18 42092]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-04-02 397312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-11 152984]
R2 lxdx_device;lxdx_device; C:\WINDOWS\system32\lxdxcoms.exe [2008-02-27 594600]
R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264]
R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]
R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2009-03-22 1131896]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-20 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-09-16 1388648]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#13 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 12 May 2009 - 06:01 PM

info.txt logfile of random's system information tool 1.06 2009-05-12 18:56:59

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon iP1600-->C:\WINDOWS\System32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CaptureView VGA Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65FC94A3-040C-455B-B29D-19F04D695C0F}\Setup.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Hotels eDirectory with MultiView Reader-->"C:\Program Files\MVReader\CHI-0002\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1033
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Financial Freedom Planner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6ED512A3-0F95-499E-AC8E-6354DBB33BB9}\SetUp.exe" -l0x9
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Software Update-->MsiExec.exe /X{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 3600-4600 Series-->C:\Program Files\Lexmark 3600-4600 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
LimeWire 4.16.7-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Live OneCare Resources v2.5.2900.24-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}
Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.5.2900.24-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mobile Broadband Drivers-->MsiExec.exe /X{44AFDB86-1509-4CDC-9B2E-1C73B2DEE5F0}
Mobile Broadband Generic Drivers-->MsiExec.exe /X{26502D04-57B1-4A2D-8D5D-9DE36FC99355}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
PAUM008U Ver_2.32-->C:\Program Files\TARGUS\PAUM008U\Ver_2.32\unins000.EXE
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Punch! Super Home Suite-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB923845)-->"C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Xactimate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CFC5A00-39BD-11D5-9FFD-F28153F9D671}\setup.exe" unist
Yahoo! SiteBuilder-->"C:\Program Files\Yahoo SiteBuilder\uninstall.exe"

======Security center information======

AV: Windows Live OneCare
FW: Windows Live OneCare Firewall

======System event log======

Computer Name: YOUR-FULKL1OH2Q
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 29923
Source Name: Tcpip
Time Written: 20080611211436.000000-240
Event Type: warning
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 29922
Source Name: Tcpip
Time Written: 20080611210056.000000-240
Event Type: warning
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 7000
Message: The IMAPI CD-Burning COM Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 29914
Source Name: Service Control Manager
Time Written: 20080611204333.000000-240
Event Type: error
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Record Number: 29913
Source Name: Service Control Manager
Time Written: 20080611204333.000000-240
Event Type: error
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 7000
Message: The mrtRate service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 29882
Source Name: Service Control Manager
Time Written: 20080610092055.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-FULKL1OH2Q
Event Code: 1002
Message: Hanging application ccApp.exe, version 2.1.0.610, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1982
Source Name: Application Hang
Time Written: 20061120222213.000000-300
Event Type: error
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 1002
Message: Hanging application wmplayer.exe, version 9.0.0.2980, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1966
Source Name: Application Hang
Time Written: 20061116212325.000000-300
Event Type: error
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 1001
Message: Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'PPTDesignFilesAdditional' failed during request for component '{A06C8594-1FFF-4F6F-B240-81D9D35B62E7}'

Record Number: 1932
Source Name: MsiInstaller
Time Written: 20061019224400.000000-240
Event Type: warning
User: YOUR-FULKL1OH2Q\DAN

Computer Name: YOUR-FULKL1OH2Q
Event Code: 1002
Message: Hanging application wmplayer.exe, version 9.0.0.2980, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1812
Source Name: Application Hang
Time Written: 20060920210645.000000-240
Event Type: error
User:

Computer Name: YOUR-FULKL1OH2Q
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1796
Source Name: Application Hang
Time Written: 20060918000121.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

#14 lindaga35

lindaga35
  • Topic Starter

  • Members
  • 384 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:41 AM

Posted 12 May 2009 - 08:46 PM

when im typing the curser moved all around the page. (at the beginning of the paragraph) could that be a trojen?

and myspace and facebook my passwords keep changing.

she has lime wire on here, should i delete it? i heard is is bad

Edited by lindaga35, 12 May 2009 - 09:30 PM.


#15 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:41 AM

Posted 12 May 2009 - 09:42 PM

All kind of screwy things can happen with infections so it is highly possible. With the other questions let's take one thing at the time. Please continue with the instructions I asked for before.

I still need the Kaspersky scan and the MalwareBytes log as soon as you can get them. You can find the MBAM log by opening the program and clicking on Logs If there is more than one highlight the newest and then select Open. You can then copy and past that in your next reply.

RSIT failed to download HJT and I am going to need you to try downloading and running it separately.

When you install HJT rename it to something you can remember easily.

Click here to download HijackThis.
Save HJTInstall.exe to your Desktop.
Double click on the HJTInstall.exe icon to start the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis
After the final dialogue box it will launch HijackThis.

Click on the scan button. It will scan and then ask you to save the log.
Save the log, and post me it in your next reply.




Try to post everything in one post. It should be able to hold all of it. If you have any problems or any questions please let me know.

Edited by thewall, 12 May 2009 - 09:44 PM.

If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users