
Win32:Trojan-gen in System Restore/mysterious black screens

Posted 12/5/2009 5:17 AM
#80580

IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
I have Win32:Trojan-gen holed up in the System Restore area and I believe this Trojan is the reason my hard drive black-screens whenever I'm on Second Life or use any anti-virus application. I found the Trojan with Avast during boot scans.

Whether the Trojan is connected to the black screens and shut-downs, I don't know. If you've ever heard of this happening or you've seen it, I hope someone has a solution, because I'm at a loss as to how to terminate this Trojan from System Restore and what these shut-downs and black screens are caused by.

Thanks in advance.
Posted 12/6/2009 4:19 AM
#80611

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Welcome to BG forums IceDog Chill,

Less likely the infection is running from System Restore, but that it keeps being found there means active infection is there creating the Restore information. Let's get some details and check things there.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
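A sketch of how the HijackThis portion of an RSIT log, as requested above, can be pre-sorted before manual review. This is an added example, not part of the original thread and not a tool the forum helpers used. The three flags (`missing-file`, `unknown-owner`, `relative-autostart`) are assumed review heuristics that say which entries to look up first, not verdicts; the sample lines are copied from the log posted later in this thread.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis section of the log
# posted in this thread, trimmed to a few entries per section.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Program Files\Smart_PC\tbSma0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE"
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autostart: "<hive>\..\<key>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^HK\S*\\\.\.\\\S+: \[([^\]]+)\] (.+)$")
# Drive-letter path, %variable% path, or UNC path
ABSOLUTE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)")
# Shortest prefix of a command line that ends in an executable extension
EXECUTABLE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", re.I)


def parse(log_text):
    """Yield (code, body) for each HijackThis entry line; skip all other lines."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autostart_target(cmd):
    """Return the file an autostart command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" args
        return cmd[1:].split('"', 1)[0]
    first, _, rest = cmd.partition(" ")
    if first.lower() in ("rundll32", "rundll32.exe") and rest:
        return rest.split(",", 1)[0].strip()     # the DLL is what gets loaded
    m = EXECUTABLE.match(cmd)                    # unquoted path that may contain spaces
    return m.group(1) if m else first


def triage(log_text):
    """Return (code, reason, body) for entries a reviewer would check first."""
    findings = []
    for code, body in parse(log_text):
        if body.endswith("(no file)"):
            # Registration is present but HijackThis found no file behind it.
            findings.append((code, "missing-file", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # HijackThis printed "Unknown owner" in the vendor field.
            findings.append((code, "unknown-owner", body))
        elif code == "O4":
            m = RUN_ENTRY.match(body)
            if m and not ABSOLUTE.match(autostart_target(m.group(2))):
                # Bare file name: which file runs depends on the search path.
                findings.append((code, "relative-autostart", body))
    return findings


def section_counts(log_text):
    """Count entries per HijackThis section code (R3, O2, O4, O23, ...)."""
    return Counter(code for code, _ in parse(log_text))


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:20} {body}")
```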
Posted 12/7/2009 9:02 AM
#80637

IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
First off, hi.

Second, I don't get what you mean by "Less likely the infection is running from System Restore, but that it keeps being found there means active infection is there creating the Restore information."

As for Gmer, whatever's causing the freezes, black screens, and shut-downs froze Gmer as soon as it finished the full scan, so that's out.

But here is the log from RSIT. The info will be next.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-12-06 15:08:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 73 GB (67%) free of 109 GB
Total RAM: 511 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:30 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Program Files\Smart_PC\tbSma0.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Program Files\Smart_PC\tbSma0.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Smart PC Toolbar - {e3aaf71e-b295-4156-ae11-777237a1db3c} - C:\Program Files\Smart_PC\tbSma0.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Error Messages for Windows.lnk = C:\Program Files\Software by Design\MSWinErr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: McAfee Wi-FiScan - https://download.mcafee.com/molbin/iss-loc/mwfs/3.1.0.0/WscWlanScannerCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191438505734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9e2eddafb0902) (gupdate1c9e2eddafb0902) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 14978 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5AD510E8-4A2E-4EAF-B8A9-A2E6181136A5}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9D0D3EC6-30FD-4D02-ABEE-A919397DFBC7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-05 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Mc [2005-11-19 119712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-22 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-24 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-22 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3aaf71e-b295-4156-ae11-777237a1db3c}]
Smart PC Toolbar - C:\Program Files\Smart_PC\tbSma0.dll [2009-11-23 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03 98304]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-10-26 440384]
{e3aaf71e-b295-4156-ae11-777237a1db3c} - Smart PC Toolbar - C:\Program Files\Smart_PC\tbSma0.dll [2009-11-23 2166296]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-22 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=VTTimer.exe []
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-14 139264]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472]
"LTMSG"=LTMSG.exe 7 []
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]
"CamMonitor"=c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [2002-10-07 90112]
"AutoTKit"=C:\hp\bin\AUTOTKIT.EXE [2003-06-18 53248]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-05 198160]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe [2008-07-09 37888]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-07-28 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"mcagent_exe"=C:\Program Files\Mc [2005-11-19 119712]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2008-08-08 532808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]
"NvMediaCenter"=C:\WINDOWS\system32\NVMCTRAY.DLL [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe [2008-03-26 2577120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Error Messages for Windows.lnk - C:\Program Files\Software by Design\MSWinErr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:SecondLife"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\McAfee\MWL\MwlSvc.exe"="C:\Program Files\McAfee\MWL\MwlSvc.exe:*:Enabled:McAfee Wireless Network Security"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray"
"C:\Program Files\OnRez\SLVoice.exe"="C:\Program Files\OnRez\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\OnRez\OnRez.exe"="C:\Program Files\OnRez\OnRez.exe:*:Enabled:Second Life"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-12-06 15:08:23 ----D---- C:\Program Files\trend micro
2009-12-06 15:08:14 ----D---- C:\rsit
2009-12-04 16:12:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-12-03 19:10:21 ----D---- C:\Program Files\Common Files\McAfee
2009-12-03 19:10:18 ----D---- C:\Program Files\McAfee.com
2009-12-03 18:38:57 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-03 18:23:23 ----A---- C:\aswclear.exe
2009-12-03 16:19:08 ----A---- C:\avast_home_setup.exe
2009-12-03 02:22:49 ----D---- C:\FanFiction.net
2009-12-01 17:50:28 ----D---- C:\Program Files\Safari
2009-11-30 18:20:30 ----D---- C:\FOR AND FROM
2009-11-30 16:18:20 ----D---- C:\Program Files\SecondLife
2009-11-27 01:08:49 ----D---- C:\Second Life
2009-11-24 18:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 18:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-23 01:07:13 ----D---- C:\$WIN_NT$.~LS
2009-11-23 01:07:13 ----D---- C:\$WIN_NT$.~BT
2009-11-23 01:06:40 ----D---- C:\WINDOWS\setupupd
2009-11-22 20:46:04 ----D---- C:\keyfinder.2.0.1
2009-11-22 18:04:49 ----D---- C:\Documents and Settings\Owner\Application Data\Blitware
2009-11-22 17:59:37 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-11-22 17:59:36 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2009-11-21 17:20:54 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-21 17:20:37 ----D---- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2009-11-13 16:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-12 21:59:57 ----A---- C:\spybotsd162.exe
2009-11-12 21:53:27 ----A---- C:\install_flash_player_10_active_x.exe
2009-11-12 21:51:30 ----A---- C:\ccsetup225.exe
2009-11-12 21:48:57 ----A---- C:\dfsetup115.exe
2009-11-12 20:29:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2009-11-12 20:02:51 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-12 20:00:55 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-12 20:00:54 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-12 20:00:54 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-12 20:00:53 ----D---- C:\aee3aa67a716b4ec755caedc96575a
2009-11-10 17:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-04 17:03:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-04 17:03:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-04 17:02:53 ----A---- C:\WINDOWS\system32\java.exe
2009-10-14 16:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 16:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 16:28:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 16:28:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 16:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 16:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 16:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 16:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 16:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-01 21:51:54 ----D---- C:\Corel Auto-Preserve
2009-09-11 01:54:59 ----D---- C:\WINDOWS\MSSecurityNS
2009-09-11 01:54:59 ----D---- C:\WINDOWS\MSSecurityNi
2009-09-11 01:54:39 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2009-09-11 01:50:28 ----D---- C:\Program Files\PHOTORECOVERY-LE
2009-09-09 16:29:08 ----D---- C:\Documents and Settings\Owner\Application Data\Corel
2009-09-09 16:13:28 ----D---- C:\Program Files\Common Files\Protexis
2009-09-09 16:13:22 ----D---- C:\Program Files\Common Files\Corel
2009-09-09 16:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2009-09-09 16:13:21 ----D---- C:\Program Files\Corel
2009-09-08 16:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 15:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

======List of files/folders modified in the last 3 months======

2009-12-06 15:09:39 ----D---- C:\WINDOWS\Temp
2009-12-06 15:08:23 ----RD---- C:\Program Files
2009-12-06 15:08:11 ----D---- C:\WINDOWS\Prefetch
2009-12-06 15:04:29 ----D---- C:\Program Files\Mozilla Firefox
2009-12-06 14:37:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-06 14:31:49 ----AC---- C:\WINDOWS\win.ini
2009-12-06 14:27:24 ----SD---- C:\WINDOWS\Tasks
2009-12-06 04:33:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-05 23:47:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-05 00:55:40 ----D---- C:\WINDOWS
2009-12-05 00:53:10 ----D---- C:\WINDOWS\system32
2009-12-05 00:44:22 ----D---- C:\WINDOWS\system32\drivers
2009-12-05 00:43:36 ----D---- C:\WINDOWS\Help
2009-12-05 00:43:13 ----D---- C:\WINDOWS\nview
2009-12-05 00:43:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-05 00:42:43 ----HD---- C:\WINDOWS\inf
2009-12-05 00:42:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-04 22:08:43 ----D---- C:\Program Files\mIRC
2009-12-04 16:12:53 ----D---- C:\WINDOWS\system32\config
2009-12-04 16:12:20 ----D---- C:\Program Files\Alwil Software
2009-12-03 19:18:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-03 19:18:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-03 19:17:17 ----D---- C:\Program Files\McAfee
2009-12-03 19:10:21 ----D---- C:\Program Files\Common Files
2009-12-03 18:11:50 ----A---- C:\DMSetup.exe
2009-12-03 17:08:54 ----D---- C:\Program Files\vmntoolbar
2009-12-03 16:27:28 ----D---- C:\Documents and Settings\All Users\Application Data\Smilebox
2009-12-02 22:44:26 ----D---- C:\temp
2009-12-02 22:30:39 ----D---- C:\WINDOWS\CREATOR
2009-12-01 17:51:17 ----SHD---- C:\WINDOWS\Installer
2009-12-01 17:51:16 ----HD---- C:\Config.Msi
2009-11-28 22:20:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-28 22:19:45 ----D---- C:\Program Files\WebEx
2009-11-28 19:11:32 ----D---- C:\WINDOWS\Minidump
2009-11-28 19:11:32 ----D---- C:\WINDOWS\Debug
2009-11-28 16:40:15 ----D---- C:\Program Files\Software by Design
2009-11-24 18:06:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-24 18:05:42 ----D---- C:\WINDOWS\WinSxS
2009-11-23 17:58:03 ----D---- C:\Program Files\WinZip
2009-11-23 16:16:14 ----D---- C:\Documents and Settings
2009-11-23 02:36:29 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-11-23 01:14:51 ----RASH---- C:\boot.ini
2009-11-23 01:07:13 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-11-22 01:52:17 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2009-11-22 01:49:06 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2009-11-22 01:14:46 ----D---- C:\Program Files\Google
2009-11-22 01:01:06 ----D---- C:\WINDOWS\SHELLNEW
2009-11-22 00:56:19 ----D---- C:\Program Files\Java
2009-11-22 00:51:07 ----D---- C:\Program Files\Flock
2009-11-22 00:51:02 ----D---- C:\Documents and Settings\Owner\Application Data\Flock
2009-11-22 00:42:19 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-21 17:33:38 ----A---- C:\93.71_forceware_winxp2k_english_whql.exe
2009-11-15 17:27:39 ----D---- C:\Program Files\QuickTime
2009-11-14 04:34:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-14 04:32:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-14 03:35:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-14 03:35:38 ----RSD---- C:\WINDOWS\assembly
2009-11-13 16:51:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-12 22:36:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-12 22:01:53 ----D---- C:\Program Files\Common Files\Apple
2009-11-12 21:52:34 ----D---- C:\Program Files\CCleaner
2009-11-12 21:49:58 ----D---- C:\Program Files\Defraggler
2009-11-12 20:29:08 ----D---- C:\Program Files\Internet Explorer
2009-11-12 20:29:01 ----D---- C:\WINDOWS\ie8updates
2009-11-12 20:21:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-12 20:02:46 ----D---- C:\WINDOWS\system32\en-US
2009-11-12 20:02:38 ----RSD---- C:\WINDOWS\Fonts
2009-11-12 20:01:44 ----D---- C:\WINDOWS\system32\spool
2009-11-05 12:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-22 00:42:24 ----D---- C:\Documents and Settings\Owner\Application Data\SecondLife
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 14:57:02 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 14:57:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2009-10-08 14:56:56 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2009-09-11 09:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-11 01:46:19 ----D---- C:\WINDOWS\system32\oobe
2009-09-11 01:46:18 ----SD---- C:\WINDOWS\system32\Microsoft
2009-09-11 01:46:18 ----D---- C:\WINDOWS\system32\mui
2009-09-11 01:46:18 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-08 16:07:42 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-24 94160]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2009-08-26 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2009-08-26 21568]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-03 10368]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\Mc [2005-11-19 119712]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\Mc [2005-11-19 119712]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\Mc [2005-11-19 119712]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\Mc [2005-11-19 119712]
S2 gupdate1c9e2eddafb0902;Google Update Service (gupdate1c9e2eddafb0902); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
S3 MBackMonitor;MBackMonitor; C:\Program Files\Mc [2005-11-19 119712]
S3 McODS;McAfee Scanner; C:\PROGRA~1\Mc [2005-11-19 119712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-08-16 98672]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-12-06 15:10:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Blackhawk Striker from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Color Efex Pro 3.0 Corel Sampler-->C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Languages\EN\PlugIns\Nik Software\Color Efex Pro 3.0 Corel Sampler\uninstall.exe
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Corel MediaOne-->MsiExec.exe /I{3C569633-C8DE-46E2-BB8F-F65198681C2F}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel Painter Photo Essentials 4-->"C:\Program Files\Corel\Corel Painter Photo Essentials 4\MSILauncher" "{707EB912-C597-49D8-9460-46CC9AB03EBE}"
Corel Painter Photo Essentials 4-->MsiExec.exe /I{707EB912-C597-49D8-9460-46CC9AB03EBE}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Digimarc MyPictureMarc Watermarking Plugin-->C:\PROGRA~1\Digimarc\MYPICT~1\UNWISE.EXE C:\PROGRA~1\Digimarc\MYPICT~1\INSTALL.LOG
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{CE891120-1F56-45F3-B51B-211C553B5A3C}
ebgcSDK-->MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
Error Messages for Windows-->C:\WINDOWS\SDUnInst.exe c:\program files\software by design\mswinerr.uni
Excavation from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C56C66C3-3462-4A3F-8661-9E18362A5E7C\Uninstall.exe"
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Five Card Frenzy from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Games Add-in for Windows Live® Toolbar-->MsiExec.exe /I{C1E26BDC-5299-4F0E-969A-BDD60B3B93B1}
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & Officejet 4.7 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzscr01.exe" -datfile hposcr05.dat
hp psc 2170 series-->rundll32 hpzcon12.dll,VendorJettison hp psc 2170 series
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311-->MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
ImageSkill Background Remover 3-->"C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Languages\EN\PlugIns\ImageSkill\Background Remover 3\uninstall.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Mah Jong Medley-->C:\PROGRA~1\GAMEHO~1\MAHJON~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~1\INSTALL.LOG
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word 2003-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
Network Magic-->"C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe" /uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Orbital from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe"
Otto from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe"
Overball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe"
PC Pitstop Disk MD 2.0-->"C:\Program Files\PCPitstop\Disk MD\unins000.exe"
PC Pitstop Exterminate 1.0-->"C:\Program Files\PCPitstop\Exterminate\unins000.exe"
PC Pitstop Optimize 1.5-->"C:\Program Files\PCPitstop\Optimize\unins000.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PHOTORECOVERY LE-->MsiExec.exe /X{8D03A164-B586-4318-AFE6-870A5E2739C1}
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Smart PC Suite v2.2-->"C:\Program Files\Smart PC Solutions\Smart PC Suite\unins000.exe"
Smart_PC Toolbar-->C:\PROGRA~1\Smart_PC\UNWISE.EXE C:\PROGRA~1\Smart_PC\INSTALL.LOG
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
StarOffice 8 Product Update 11-->MsiExec.exe /X{3D15064D-4371-4FCC-B9E6-F79D6CBFDDD4}
StarOffice 8-->MsiExec.exe /I{86E2FE20-6679-4F30-B8E0-36D5BF6018BE}
Super Collapse! from GameHouse-->C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
Super Mah Jong-->C:\PROGRA~1\GAMEHO~1\Mahjong\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Mahjong\INSTALL.LOG
Super WHATword?-->C:\PROGRA~1\DOWNLO~1\WHATword\UNWISE.EXE /U C:\PROGRA~1\DOWNLO~1\WHATword\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Unit Conversions-->C:\WINDOWS\SDUnInst.exe c:\program files\software by design\uconvert.uni
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Weather Add-in for Windows Live Toolbar-->MsiExec.exe /I{0E9804E3-1D94-4D4A-A17D-19777FEF049D}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
Winamp Toolbar-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091206-1]
AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: FAMILY
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 1107564
Source Name: Disk
Time Written: 20091122011123.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 1107563
Source Name: Disk
Time Written: 20091122011122.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 1107562
Source Name: Disk
Time Written: 20091122011054.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 1107561
Source Name: Disk
Time Written: 20091122011053.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 1107560
Source Name: Disk
Time Written: 20091122011052.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: FAMILY
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2936 (0xb78)

Thread address : 0x023B1CB0

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\Program Files\Google\Update\GoogleUpdate.exe
by C:\WINDOWS\System32\svchost.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 4424
Source Name: McLogEvent
Time Written: 20091106012943.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3988 (0xf94)

Thread address : 0x00EE1CB0

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\WINDOWS\AppPatch\AcGenral.DLL
by C:\WINDOWS\system32\dumprep.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 4422
Source Name: McLogEvent
Time Written: 20091106010128.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 5051
Message: A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 432 (0x1b0)

Thread address : 0x019C5CB4

Thread message :

Build VSCORE.14.0.0.435 / 5301.4018
Object being scanned = \Device\HarddiskVolume2\Program Files\mcafee.com\agent\McUpdate.exe
by C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)


Record Number: 4416
Source Name: McLogEvent
Time Written: 20091106001319.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 1001
Message: Fault bucket 929236893.

Record Number: 4414
Source Name: Application Error
Time Written: 20091105160002.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1000
Message: Faulting application vlc.exe, version 0.9.2.0, faulting module libmjpeg_plugin.dll, version 0.0.0.0, fault address 0x00001740.

Record Number: 4412
Source Name: Application Error
Time Written: 20091105154958.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Posted 12/8/2009 12:27 AM
#80656

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I am not aware of a malware method that would allow it to run from the System Restore. But as malware will create Restore points, its files would then be found there.

Right now the biggest issue I see here is it looks like you have two antivirus softwares, with both Avast and McAfee there. More than one antivirus software on the same system will cause many problems, from slowness to corruption, and interfere with our work there. You will need to choose one of those, temp disable all security software and then uninstall one. And be sure to reboot after.

Once you have done that, we will just go with a repair-type scan.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
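
The check described in the post above (more than one antivirus product listed in the RSIT log), as an added example that is not part of the original thread and not code from RSIT. It assumes the `======Section======` layout and the `AV:`/`FW:` and `Key: value` lines seen in the info.txt posted earlier; the function names are hypothetical and the sample is shortened from that log.

```python
import re
from collections import Counter

# Sample shortened from the info.txt posted in this thread (same layout).
SAMPLE_INFO_TXT = """
======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091206-1]
AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: FAMILY
Event Code: 7
Message: The device, \\Device\\Harddisk0\\D, has a bad block.

Record Number: 1107564
Source Name: Disk
Time Written: 20091122011123.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 7
Message: The device, \\Device\\Harddisk0\\D, has a bad block.

Record Number: 1107563
Source Name: Disk
Time Written: 20091122011122.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: FAMILY
Event Code: 1000
Message: Faulting application vlc.exe, version 0.9.2.0

Record Number: 4412
Source Name: Application Error
Time Written: 20091105154958.000000-240
Event Type: error
User:
"""

SECTION_RE = re.compile(r"^={3,}\s*(.+?)\s*={3,}$")
PRODUCT_RE = re.compile(r"^([A-Z]{2}):\s*(.+)$")
FIELD_RE = re.compile(
    r"^(Computer Name|Event Code|Message|Record Number|Source Name|"
    r"Time Written|Event Type|User):\s*(.*)$"
)


def split_sections(text):
    """Map each '====Name====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def security_products(lines):
    """Group 'AV:' / 'FW:' lines by their two-letter product class."""
    products = {}
    for line in lines:
        m = PRODUCT_RE.match(line.strip())
        if m:
            products.setdefault(m.group(1), []).append(m.group(2))
    return products


def event_records(lines):
    """Split an event-log section into records; each starts at 'Computer Name:'."""
    records, rec = [], None
    for line in lines:
        m = FIELD_RE.match(line.strip())
        if not m:
            continue  # continuation lines of a multi-line Message are skipped
        key, value = m.groups()
        if key == "Computer Name":
            rec = {}
            records.append(rec)
        if rec is not None:
            rec[key] = value
    return records


def triage(text):
    """Flag multiple registered AV products and tally event records."""
    sections = split_sections(text)
    products = security_products(sections.get("Security center information", []))
    counts = Counter()
    for name, lines in sections.items():
        if name.lower().endswith("event log"):
            for rec in event_records(lines):
                counts[(name, rec.get("Source Name"), rec.get("Event Code"))] += 1
    return {
        "products": products,
        "multiple_av": len(products.get("AV", [])) > 1,
        "event_counts": counts,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_INFO_TXT)
    print("AV products:", result["products"].get("AV", []))
    print("More than one AV registered:", result["multiple_av"])
    for (section, source, code), n in result["event_counts"].most_common():
        print(f"{n} x {section}: source={source} code={code}")
```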
Posted 12/8/2009 1:31 AM
#80660

IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
The strange thing is that the strange occurrences started a few weeks ago.
I had McAfee for years, but recently installed Avast. So it can't be that.

But here's the log you asked for:


ComboFix 09-12-07.04 - Owner 12/07/2009 19:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.142 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\456out.com.exe
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-4136171701-3053115651-14595753-1003
c:\recycler\S-1-5-21-4136171701-3053115651-14595753-500
C:\setup.exe
C:\Thumbs.db
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-06 20:08 . 2009-12-06 20:10 -------- d-----w- c:\program files\trend micro
2009-12-06 20:08 . 2009-12-06 20:10 -------- d-----w- C:\rsit
2009-12-04 21:12 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-04 21:12 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-04 21:12 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-04 21:12 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-04 21:12 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-04 21:12 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-04 21:12 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-04 21:12 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-04 21:12 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-04 00:12 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-04 00:10 . 2009-12-04 00:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-04 00:10 . 2009-12-04 00:10 -------- d-----w- c:\program files\McAfee.com
2009-12-03 23:23 . 2009-12-03 23:23 230776 ----a-w- C:\aswclear.exe
2009-12-03 21:19 . 2009-12-03 21:19 308160 ----a-w- C:\avast_home_setup.exe
2009-12-03 07:22 . 2009-12-03 07:22 -------- d-----w- C:\FanFiction.net
2009-12-01 22:50 . 2009-12-01 22:51 -------- d-----w- c:\program files\Safari
2009-12-01 05:10 . 2009-11-19 16:48 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 05:10 . 2009-11-19 16:48 340480 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 05:10 . 2009-11-19 16:48 872960 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 05:10 . 2009-11-19 16:48 346624 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 04:28 . 2009-12-01 04:28 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-11-30 23:20 . 2009-11-30 23:26 -------- d-----w- C:\FOR AND FROM
2009-11-30 21:18 . 2009-11-30 21:20 -------- d-----w- c:\program files\SecondLife
2009-11-27 06:08 . 2009-12-03 07:38 -------- d-----w- C:\Second Life
2009-11-23 23:01 . 2009-11-30 23:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-11-23 06:07 . 2009-11-23 06:14 -------- d-----w- C:\$WIN_NT$.~BT
2009-11-23 06:07 . 2009-11-23 06:07 -------- d-----w- C:\$WIN_NT$.~LS
2009-11-23 01:46 . 2009-11-23 02:13 -------- d-----w- C:\keyfinder.2.0.1
2009-11-23 01:44 . 2009-11-23 01:44 337932 ----a-w- C:\keyfinder.2.0.1.zip
2009-11-22 23:04 . 2009-11-22 23:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Blitware
2009-11-22 22:59 . 2009-11-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-11-22 22:59 . 2009-11-22 23:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-11-22 05:52 . 2009-11-22 05:52 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-11-21 22:20 . 2009-11-21 22:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-21 22:20 . 2009-11-21 22:20 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-11-13 22:11 . 2009-11-13 22:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-11-13 02:59 . 2009-11-13 03:01 16409960 ----a-w- C:\spybotsd162.exe
2009-11-13 02:53 . 2009-11-13 02:53 1962544 ----a-w- C:\install_flash_player_10_active_x.exe
2009-11-13 02:51 . 2009-11-13 02:51 3310608 ----a-w- C:\ccsetup225.exe
2009-11-13 02:48 . 2009-11-13 02:49 3184296 ----a-w- C:\dfsetup115.exe
2009-11-13 01:02 . 2009-11-13 01:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-13 01:01 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-13 01:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-13 01:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-13 01:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-13 01:00 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-13 01:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-13 01:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-13 01:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-13 01:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-13 01:00 . 2009-11-13 01:01 -------- d-----w- C:\aee3aa67a716b4ec755caedc96575a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 10:04 . 2005-06-30 23:20 -------- d-----w- c:\program files\mIRC
2009-12-07 05:48 . 2006-06-18 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-04 21:12 . 2007-08-24 21:19 -------- d-----w- c:\program files\Alwil Software
2009-12-04 00:18 . 2007-09-17 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-04 00:17 . 2007-09-18 07:57 -------- d-----w- c:\program files\McAfee
2009-12-03 23:11 . 2007-09-11 16:31 1296288 ----a-w- C:\DMSetup.exe
2009-12-03 22:08 . 2006-07-01 22:31 -------- d-----w- c:\program files\vmntoolbar
2009-12-03 21:27 . 2006-08-01 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Smilebox
2009-11-29 03:19 . 2009-08-22 06:03 -------- d-----w- c:\program files\WebEx
2009-11-28 21:40 . 2006-01-19 03:15 -------- d-----w- c:\program files\Software by Design
2009-11-24 20:27 . 2009-09-10 02:51 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-24 20:27 . 2009-09-10 02:51 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-23 07:36 . 2007-06-17 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-22 06:52 . 2007-01-11 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-22 06:49 . 2009-04-17 07:56 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-22 06:14 . 2005-10-30 21:27 -------- d-----w- c:\program files\Google
2009-11-22 05:56 . 2003-10-11 03:09 -------- d-----w- c:\program files\Java
2009-11-22 05:51 . 2008-08-20 18:26 -------- d-----w- c:\program files\Flock
2009-11-22 05:51 . 2008-08-20 18:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Flock
2009-11-22 05:42 . 2003-10-11 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 22:33 . 2007-08-12 22:34 42567136 ----a-w- C:\93.71_forceware_winxp2k_english_whql.exe
2009-11-16 05:05 . 2007-08-26 23:01 124344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-15 22:27 . 2005-08-31 00:47 -------- d-----w- c:\program files\QuickTime
2009-11-14 09:34 . 2006-01-08 23:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 09:32 . 2006-01-08 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-13 03:01 . 2007-07-02 22:16 -------- d-----w- c:\program files\Common Files\Apple
2009-11-13 02:52 . 2008-04-25 19:34 -------- d-----w- c:\program files\CCleaner
2009-11-13 02:49 . 2008-07-16 20:30 -------- d-----w- c:\program files\Defraggler
2009-11-13 02:41 . 2005-06-29 22:33 159880 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 02:16 . 2009-11-06 02:16 73728 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 21:54 . 2007-09-18 07:58 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 21:54 . 2007-09-18 07:58 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 21:54 . 2007-09-18 07:58 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 21:21 . 2009-11-04 21:21 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-22 05:42 . 2006-10-19 11:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SecondLife
2009-10-11 09:17 . 2009-08-26 20:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 19:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57 . 2003-11-15 10:49 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56 . 2003-11-15 10:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-16 14:22 . 2007-09-18 07:58 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2003-11-15 10:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:51 . 2009-09-11 06:51 883712 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{8D03A164-B586-4318-AFE6-870A5E2739C1}\Icon8D03A164.exe
2005-11-19 15:36 . 2005-11-19 15:36 119712 -c--a-w- c:\program files\Mc
2005-06-30 00:06 . 2005-06-30 00:06 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3aaf71e-b295-4156-ae11-777237a1db3c}]
2009-11-23 23:02 2166296 ----a-w- c:\program files\Smart_PC\tbSma0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3AAF71E-B295-4156-AE11-777237A1DB3C}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-05 198160]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2008-07-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Error Messages for Windows.lnk - c:\program files\Software by Design\MSWinErr.exe [2006-1-18 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-08-16 20:19 5728112 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
2008-03-26 21:40 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/4/2009 4:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/4/2009 4:12 PM 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 4:48 PM 717296]
S2 gupdate1c9e2eddafb0902;Google Update Service (gupdate1c9e2eddafb0902);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2009 2:19 PM 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/5/2008 9:26 AM 747912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmercoraPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID64BE8B80-06C0-4C46-9C18-1B9A940B8CFF", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CIDA260D737-FA6E-4F40-92C7-65D45007A30C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID3492D34B-DF74-4CD8-A3D1-12AA8DB74232", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID2DE3473A-D41E-45FC-A732-0948BD71003D", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-VTTimer - VTTimer.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu -cc:\program files\Adobe\Photoshop 7.0\Uninst.dll
AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu
AddRemove-mIRC - c:\program files\mIRC\uninstall.exe _?=c:\program files\mIRC
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-12-07 20:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1049930900-2903888117-3738441277-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-12-07 20:20
ComboFix-quarantined-files.txt 2009-12-08 01:20

Pre-Run: 78,087,618,560 bytes free
Post-Run: 78,126,723,072 bytes free

- - End Of File - - 05A912B9B53483AE2D680135F2ACDE13
Posted 12/8/2009 2:59 AM
#80715
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Still do need to uninstall one of those antivirus softwares, before one starts mistaking the other for malware, and causes corruption issues there. ComboFix looks to have removed some items that may be part of an autorun worm infection, as well as a few mistaken identity legit files we will need to restore. I also now notice a proxy setting most likely created by malware there at some time.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

------------------

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]
DEQUARANTINE::
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
QUIT::
[/code]
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will run a brief limited scan, after which a log will pop up (also located at C:\DeQuarantine.txt). Post that back here please.

------------

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------------

Post that log and the Malwarebytes log please.

Post that log and the C:\DeQuarantine.txt log please.
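
The two issues called out in the reply above (two antivirus products installed side by side, and a proxy value under Internet Settings) can be pulled out of a ComboFix log mechanically. This is an added example, not part of the original post or of ComboFix; the function names are hypothetical, the sample lines are copied from the logs posted in this thread, and reading the `u`/`m` prefix as HKCU/HKLM is an assumption.

```python
import re

# Sample input: header and supplementary-scan lines copied from the ComboFix
# logs posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""ComboFix 09-12-07.04 - Owner 12/08/2009 0:12.2.2 - x86
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
"""

# "AV: <name> *<state>* (<optional note>) {<GUID>}" as it appears in the header.
PRODUCT_RE = re.compile(
    r"^(AV|FW):\s+(.*?)\s+\*([^*]+)\*\s+(?:\(([^)]*)\)\s+)?\{([0-9A-Fa-f-]{36})\}\s*$"
)

# "uInternet Settings,ProxyOverride = <data>" from the Supplementary Scan section.
PROXY_RE = re.compile(r"^([um])Internet Settings,(Proxy\w+)\s*=\s*(.*)$")

# Assumption: the one-letter prefix marks the hive (u = per-user, m = machine).
HIVES = {"u": "HKCU", "m": "HKLM"}


def parse_products(log):
    """Return the security products listed in the log header, in order."""
    products = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, _note, guid = m.groups()
            products.append(
                {"kind": kind, "name": name, "state": state, "guid": guid.upper()}
            )
    return products


def parse_proxy_settings(log):
    """Return (hive, value name, data) for every Internet Settings proxy value."""
    settings = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            prefix, value_name, data = m.groups()
            settings.append((HIVES[prefix], value_name, data.strip()))
    return settings


def triage(log):
    """List the conditions a helper would want to raise with the user."""
    findings = []

    # Count antivirus products by GUID so a product listed twice counts once.
    av_by_guid = {p["guid"]: p for p in parse_products(log) if p["kind"] == "AV"}
    if len(av_by_guid) > 1:
        names = ", ".join(sorted(p["name"] for p in av_by_guid.values()))
        findings.append(f"multiple antivirus products installed: {names}")

    # Proxy values are surfaced for review, not judged: the log alone does not
    # say who set them.
    for hive, value_name, data in parse_proxy_settings(log):
        findings.append(f"proxy setting to review: {hive} {value_name} = {data}")

    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
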
Posted 12/8/2009 6:04 AM
#80729
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
ComboFix ran its normal scan instead of the limited scan and didn't give C:\DeQuarantine.txt, but it did give me a new log, which I'll include here along with the mbam results:


ComboFix 09-12-07.04 - Owner 12/08/2009 0:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.104 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\456out.com.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-06 20:08 . 2009-12-08 04:54 -------- d-----w- c:\program files\trend micro
2009-12-06 20:08 . 2009-12-06 20:10 -------- d-----w- C:\rsit
2009-12-04 21:12 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-04 21:12 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-04 21:12 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-04 21:12 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-04 21:12 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-04 21:12 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-04 21:12 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-04 21:12 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-04 21:12 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-04 00:12 . 2009-07-16 17:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-12-04 00:10 . 2009-12-04 00:12 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-04 00:10 . 2009-12-04 00:10 -------- d-----w- c:\program files\McAfee.com
2009-12-03 23:23 . 2009-12-03 23:23 230776 ----a-w- C:\aswclear.exe
2009-12-03 21:19 . 2009-12-03 21:19 308160 ----a-w- C:\avast_home_setup.exe
2009-12-03 07:22 . 2009-12-03 07:22 -------- d-----w- C:\FanFiction.net
2009-12-01 22:50 . 2009-12-01 22:51 -------- d-----w- c:\program files\Safari
2009-12-01 05:10 . 2009-11-19 16:48 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 05:10 . 2009-11-19 16:48 340480 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 05:10 . 2009-11-19 16:48 872960 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 05:10 . 2009-11-19 16:48 346624 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 04:28 . 2009-12-01 04:28 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-11-30 23:20 . 2009-11-30 23:26 -------- d-----w- C:\FOR AND FROM
2009-11-30 21:18 . 2009-11-30 21:20 -------- d-----w- c:\program files\SecondLife
2009-11-27 06:08 . 2009-12-03 07:38 -------- d-----w- C:\Second Life
2009-11-23 23:01 . 2009-11-30 23:21 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-11-23 06:07 . 2009-11-23 06:14 -------- d-----w- C:\$WIN_NT$.~BT
2009-11-23 06:07 . 2009-11-23 06:07 -------- d-----w- C:\$WIN_NT$.~LS
2009-11-23 01:46 . 2009-11-23 02:13 -------- d-----w- C:\keyfinder.2.0.1
2009-11-23 01:44 . 2009-11-23 01:44 337932 ----a-w- C:\keyfinder.2.0.1.zip
2009-11-22 23:04 . 2009-11-22 23:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Blitware
2009-11-22 22:59 . 2009-11-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-11-22 22:59 . 2009-11-22 23:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-11-22 05:52 . 2009-11-22 05:52 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-11-21 22:20 . 2009-11-21 22:20 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-21 22:20 . 2009-11-21 22:20 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-11-21 22:20 . 2009-11-21 22:20 290816 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-11-13 22:11 . 2009-11-13 22:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-11-13 02:59 . 2009-11-13 03:01 16409960 ----a-w- C:\spybotsd162.exe
2009-11-13 02:53 . 2009-11-13 02:53 1962544 ----a-w- C:\install_flash_player_10_active_x.exe
2009-11-13 02:51 . 2009-11-13 02:51 3310608 ----a-w- C:\ccsetup225.exe
2009-11-13 02:48 . 2009-11-13 02:49 3184296 ----a-w- C:\dfsetup115.exe
2009-11-13 01:02 . 2009-11-13 01:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-13 01:01 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-13 01:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-13 01:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-13 01:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-13 01:00 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-13 01:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-13 01:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-13 01:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-13 01:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-13 01:00 . 2009-11-13 01:01 -------- d-----w- C:\aee3aa67a716b4ec755caedc96575a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 04:16 . 2005-06-30 23:20 -------- d-----w- c:\program files\mIRC
2009-12-07 05:48 . 2006-06-18 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-04 21:12 . 2007-08-24 21:19 -------- d-----w- c:\program files\Alwil Software
2009-12-04 00:18 . 2007-09-17 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-04 00:17 . 2007-09-18 07:57 -------- d-----w- c:\program files\McAfee
2009-12-03 23:11 . 2007-09-11 16:31 1296288 ----a-w- C:\DMSetup.exe
2009-12-03 22:08 . 2006-07-01 22:31 -------- d-----w- c:\program files\vmntoolbar
2009-12-03 21:27 . 2006-08-01 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Smilebox
2009-11-29 03:19 . 2009-08-22 06:03 -------- d-----w- c:\program files\WebEx
2009-11-28 21:40 . 2006-01-19 03:15 -------- d-----w- c:\program files\Software by Design
2009-11-24 20:27 . 2009-09-10 02:51 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-24 20:27 . 2009-09-10 02:51 848 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-23 07:36 . 2007-06-17 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-22 06:52 . 2007-01-11 23:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-11-22 06:49 . 2009-04-17 07:56 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-11-22 06:14 . 2005-10-30 21:27 -------- d-----w- c:\program files\Google
2009-11-22 05:56 . 2003-10-11 03:09 -------- d-----w- c:\program files\Java
2009-11-22 05:51 . 2008-08-20 18:26 -------- d-----w- c:\program files\Flock
2009-11-22 05:51 . 2008-08-20 18:27 -------- d-----w- c:\documents and settings\Owner\Application Data\Flock
2009-11-22 05:42 . 2003-10-11 05:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 22:33 . 2007-08-12 22:34 42567136 ----a-w- C:\93.71_forceware_winxp2k_english_whql.exe
2009-11-16 05:05 . 2007-08-26 23:01 124344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-15 22:27 . 2005-08-31 00:47 -------- d-----w- c:\program files\QuickTime
2009-11-14 09:34 . 2006-01-08 23:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-14 09:32 . 2006-01-08 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-13 03:01 . 2007-07-02 22:16 -------- d-----w- c:\program files\Common Files\Apple
2009-11-13 02:52 . 2008-04-25 19:34 -------- d-----w- c:\program files\CCleaner
2009-11-13 02:49 . 2008-07-16 20:30 -------- d-----w- c:\program files\Defraggler
2009-11-13 02:41 . 2005-06-29 22:33 159880 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 02:16 . 2009-11-06 02:16 73728 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 21:54 . 2007-09-18 07:58 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 21:54 . 2007-09-18 07:58 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 21:54 . 2007-09-18 07:58 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 21:21 . 2009-11-04 21:21 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-22 05:42 . 2006-10-19 11:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SecondLife
2009-10-11 09:17 . 2009-08-26 20:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 19:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57 . 2003-11-15 10:49 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56 . 2003-11-15 10:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-16 14:22 . 2007-09-18 07:58 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2003-11-15 10:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:51 . 2009-09-11 06:51 883712 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{8D03A164-B586-4318-AFE6-870A5E2739C1}\Icon8D03A164.exe
2005-11-19 15:36 . 2005-11-19 15:36 119712 -c--a-w- c:\program files\Mc
2005-06-30 00:06 . 2005-06-30 00:06 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-08_01.08.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-08 05:02 . 2009-12-08 05:02 16384 c:\windows\Temp\Perflib_Perfdata_948.dat
+ 2009-12-08 05:02 . 2009-12-08 05:02 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2009-12-08 05:02 . 2009-12-08 05:02 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3aaf71e-b295-4156-ae11-777237a1db3c}]
2009-11-23 23:02 2166296 ----a-w- c:\program files\Smart_PC\tbSma0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3aaf71e-b295-4156-ae11-777237a1db3c}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3AAF71E-B295-4156-AE11-777237A1DB3C}"= "c:\program files\Smart_PC\tbSma0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{e3aaf71e-b295-4156-ae11-777237a1db3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-05 198160]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2008-07-09 37888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-6-18 53248]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Error Messages for Windows.lnk - c:\program files\Software by Design\MSWinErr.exe [2006-1-18 106496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-08-16 20:19 5728112 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
2008-03-26 21:40 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowRedirect"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/4/2009 4:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/4/2009 4:12 PM 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 4:48 PM 717296]
S2 gupdate1c9e2eddafb0902;Google Update Service (gupdate1c9e2eddafb0902);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2009 2:19 PM 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/5/2008 9:26 AM 747912]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\wtf5qedo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID64BE8B80-06C0-4C46-9C18-1B9A940B8CFF", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CIDA260D737-FA6E-4F40-92C7-65D45007A30C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID3492D34B-DF74-4CD8-A3D1-12AA8DB74232", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\mercoraPlugin.js - pref("capability.policy.default.ClassID.CID2DE3473A-D41E-45FC-A732-0948BD71003D", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-12-08 00:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1049930900-2903888117-3738441277-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-12-08 00:42
ComboFix-quarantined-files.txt 2009-12-08 05:42
ComboFix2.txt 2009-12-08 01:21

Pre-Run: 78,111,211,520 bytes free
Post-Run: 78,077,227,008 bytes free

- - End Of File - - CB25DCC7ADA094A9594775F32DE0D21D

Malwarebytes' Anti-Malware 1.42
Database version: 3316
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/8/2009 12:59:01 AM
mbam-log-2009-12-08 (00-59-01).txt

Scan type: Quick Scan
Objects scanned: 120190
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Posted 12/8/2009 9:17 PM
#80751
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Looks improved so far. The logs show you have a Smart_PC Toolbar. This is another of Conduit's search redirector toolbars, which may also include some monitoring functions (see here). You can uninstall that through Add/Remove Programs to remove it.


Let's go ahead now with an additional current scan, to ensure all malware was removed.


Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 12/9/2009 1:45 AM
#80758
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
Microsoft Updates forced me to reboot the first time, so I ran it again. Here is the log after the second scan:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=47025c090560ff419457fa3afa9e9fab
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-08 11:32:44
# local_time=2009-12-08 06:32:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 195668098 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 0 12313668 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=189350
# found=0
# cleaned=0
# scan_time=6621
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=47025c090560ff419457fa3afa9e9fab
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-09 01:40:21
# local_time=2009-12-08 08:40:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 195676148 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776869 100 96 0 12321718 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=189922
# found=0
# cleaned=0
# scan_time=6229
Posted 12/9/2009 3:46 AM
#80767
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Less likely to pick anything up on a second run, but it at least confirms nothing new was created during the reboot. Looking clean up - you did well there. Before we do some last cleaning up steps here of our own, post back how things are running please.
Posted 12/9/2009 9:09 PM
#80790
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
Test one last night went smoothly. But as I don't trust one test alone, I ran the second of three today, with a freeze. I pressed the power switch to reboot, then it went to a black screen, followed by a "PC is entering power-saving mode", but as I've seen in the past several weeks, the tower stays on. So it's not gone yet.
Posted 12/9/2009 9:45 PM
#80796
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I am not sure I had picked up from our work here these other freeze issues. What are you doing to "test" things, and what problem has been occurring that you had anticipated? The system freezes up? If so, it does this randomly - no ties with specific actions?
Posted 12/9/2009 10:21 PM
#80798
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
These are the indications that told me something was wrong starting weeks ago:

The anti-virus programs either freeze or give me a black screen, followed by the "PC is entering power-saving mode", as if I shut the tower off, but it stays on.
Second Life, an online game/virtual world, gives me a black screen.
Firefox freezes.
Sometimes, just for no reason, even on start-up, I get a black screen, followed by the "PC is entering power-saving mode", as if I shut the tower off, but it stays on.

In each case, it takes a short amount of time for these problems to happen, and each one forces me to use the power button to shut the tower off, then back on.
Posted 12/10/2009 1:12 AM
#80800
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Not a simple problem to easily pinpoint the source. What is the computer's make and model, also the monitor's, and if it has an added video card the make and model of that please?
Posted 12/10/2009 1:24 AM
#80801
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
Tower: HP Pavilion a462x
Monitor: HP Pavilion f1703 (Flat panel.)
Video card: NVIDIA GeForce4 MX 440 with AGP8X (this was pre-installed.)

This system is eight years old, but everything else still works, including other browsers.
Posted 12/10/2009 1:34 AM
#80802
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Is the video card the only graphics option on those, or is it in addition to an onboard graphics chip (which would have two blue male end monitor jacks on the back instead of one)? The thinking is that although the BIOS is responsible for power saving shutdowns and settings, it is now getting a bad signal from the video in some way and bringing about the shutdowns.
Posted 12/10/2009 1:41 AM
#80803
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
This is where it gets confusing. Do I have to open the tower to find out or can I find it on the hardware list?
I'm asking because that's the only item I saw in the hardware list in the "Display adapters" section.
Posted 12/10/2009 5:22 PM
#80824
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Just look on the back of the computer for now. An onboard video would have the blue monitor jack where the USB and speaker and other jacks/ports are located, since all those would also be part of the motherboard. An additional video card would show as a separate blue connector where the row of slots show for added cards (like modems), most often near the bottom in the back.
Posted 12/11/2009 2:15 AM
#80835
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
I see only one blue jack.
Near the bottom is a yellow jack and a black thing. Not sure what the black is for.
Posted 12/11/2009 4:17 AM
#80847
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Shoot, I wasn't really paying enough attention. You had already posted that it is an AGP card when you posted the earlier info. Three areas where changes have addressed this problem are the Windows power settings, power settings in the BIOS, and then actually having to replace the graphics card. AGP, so very likely not an expensive item nowadays.

Start with the simplest of those. Right click the desktop, left click Properties. Click the Screensaver tab, then the Power button. Be sure to uncheck/disable Hibernation, and change the power settings so nothing is turned off automatically. Apply/OK and reboot for the changes to take effect. Then you will need to see if you get the error again after that.
Posted 12/11/2009 4:22 AM
#80848
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
No problem. We all slip sometimes.
I'll try it and get back to you.


Ok, it froze.
Next idea?
Posted 12/11/2009 11:41 PM
#80878
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Next is to access the BIOS and uncheck any power-saving options. As you first start the computer you may see an option to Enter Setup - the list here suggests that is the F1 key on your HP.

That should take you to a fairly bland display, where you use a combination of the arrow, Enter and Esc keys to move about the different pages and options. See if you can locate those that show a power-saving option that you can disable. If you are unsure on any, write them down, and post those back here to check. When you finish making changes, usually pressing the F10 key will move you to the Save and Exit option. The system will then complete booting up, but you should do at least one additional reboot to complete the changes.
Posted 12/12/2009 4:14 AM
#80897
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
BIOS is way out of my league and I know it can severely cripple my system with one wrong move, but I'll go for it.


Advanced:
Primary Video Adapter [PCI]
Local Bus IDE Adapter [Both]

Power:
After AC Power Failure [Stay Off]
Posted 12/12/2009 10:51 PM
#80914
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
[code]Advanced:
Primary Video Adapter [PCI][/code]

What were the other options for that, if any?
Posted 12/12/2009 11:15 PM
#80915
IceDog Chill Advanced member

Date Joined Nov 2016
Total Posts: 50
[AGP]

Two things that weigh in on my mind now are:
1) I never touched anything to cause these problems.
2) That possible solution in BIOS seems too easy.