Did Malwarebytes get it all? Nope [CLOSED] [RESOLVED]


  • This topic is locked

#1
duscarter

  • Member
  • 48 posts
I had to update because every time I run Malwarebytes it finds something. There are still no noticeable effects.

**** changed job websites

These are the reports for today.

Thank you for your time.

Malwarebytes:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5cb9c60c-138b-e7e8-cbab-3e00d608d09d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5cb9c60c-138b-e7e8-cbab-3e00d608d09d} (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dustin\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urntbhmsxx.dll (Adware.BHO) -> Quarantined and deleted successfully.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:42 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\dwwnw64r.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{60-0B-B0-03-DW}] C:\windows\system32\dwwnw64r.exe DWram03
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://*****.com/,D...ava ScriptX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198895456376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198895436357
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://*****/supportfiles/msrdp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll qqjgxr.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5760 bytes

Edited by duscarter, 27 August 2008 - 06:55 PM.


#2
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey duscarter,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays between my responses; I ask for your patience. Please stick with me until we get your computer cleaned up or it will be a wasted effort on both sides. :)

I'm looking at your log now, and I'll post back with a fix when I'm ready. Thanks for your patience.

PS. If I've not been responding, and you wonder why, feel free to PM me and I'll give an explanation.

LT

#3
duscarter

  • Topic Starter
  • Member
  • 48 posts
LT,

Thank you for your time and help. It is a holiday weekend here in the states, so I won't be around my laptop. Take your time.

Your country hosted the best Olympics ever. You should be proud.

Regards,

Duscarter

#4
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
You're welcome, duscarter,

I'll be getting back to you probably by tomorrow. :) Thanks for supporting the Beijing Olympics as well, hope you enjoyed it fully. USA did really well for this Olympics, you should feel proud as well. ^^

Edited by Ltangelic, 29 August 2008 - 07:20 AM.


#5
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey duscarter,

Your logs don't seem to show much; let's run deeper scans.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Edited by Ltangelic, 29 August 2008 - 08:54 PM.


#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
duscarter

  • Topic Starter
  • Member
  • 48 posts
Logfile of random's system information tool (written by random/random)
Run by Dustin at 2008-09-02 19:42:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (43%) free of 16 GB
Total RAM: 254 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:20 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\dwwnw64r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Dustin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dustin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{60-0B-B0-03-DW}] C:\windows\system32\dwwnw64r.exe DWram03
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://ive.cwinside...ava ScriptX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198895456376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198895436357
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countr...files/msrdp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll qqjgxr.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5885 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2002-02-28 114688]
"JOGSERV2.EXE"=C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe [2002-07-23 172032]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2002-06-21 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe [2002-08-07 146432]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-07-03 40960]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"{60-0B-B0-03-DW}"=C:\windows\system32\dwwnw64r.exe [2008-08-23 200715]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-02 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-PhotoServer-UPnP"=2
"VAIOMediaPlatform-PhotoServer-HTTP"=2
"VAIOMediaPlatform-PhotoServer-AppServer"=2
"VAIOMediaPlatform-MusicServer-UPnP"=2
"VAIOMediaPlatform-MusicServer-HTTP"=2
"VAIOMediaPlatform-MusicServer-AppServer"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Documents and Settings\Dustin\Start Menu\Programs\Startup
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll qqjgxr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-01-30 286720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-02 19:42:45 ----D---- C:\rsit
2008-08-26 22:42:11 ----A---- C:\WINDOWS\system32\g52.exe
2008-08-25 23:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-25 18:28:00 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-24 16:09:41 ----D---- C:\WINDOWS\Prefetch
2008-08-24 16:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-24 16:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-24 16:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-24 16:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-24 16:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-24 16:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-24 16:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-24 16:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-24 16:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-24 16:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-24 15:49:28 ----D---- C:\WINDOWS\system32\scripting
2008-08-24 15:49:21 ----D---- C:\WINDOWS\l2schemas
2008-08-24 15:49:15 ----D---- C:\WINDOWS\system32\en
2008-08-24 14:58:49 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-24 14:58:41 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-24 14:58:38 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-24 14:58:37 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-24 14:58:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-24 14:58:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-24 14:57:49 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-24 14:57:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-24 14:57:39 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-24 14:57:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-24 14:57:31 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-24 14:57:25 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-24 14:57:06 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-24 14:57:05 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-24 14:57:05 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-24 14:57:03 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-24 14:57:03 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-24 14:56:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-24 14:56:58 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-24 14:56:28 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-24 14:56:28 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-24 14:56:27 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-24 14:56:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-24 14:56:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-24 14:55:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-24 14:55:47 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-24 14:54:57 ----A---- C:\WINDOWS\005266_.tmp
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-24 14:54:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-24 14:54:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-24 14:54:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-24 14:54:32 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-24 14:54:20 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-24 14:54:19 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-24 14:53:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-24 01:33:35 ----A---- C:\WINDOWS\system32\nrrzbeqvcylnui.exe
2008-08-24 00:26:30 ----D---- C:\Documents and Settings\Dustin\Application Data\Malwarebytes
2008-08-24 00:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 00:25:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 00:24:42 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-23 18:34:04 ----A---- C:\WINDOWS\system32\urntbhmsxx.dll-uninst.exe
2008-08-23 16:56:22 ----HD---- C:\$AVG8.VAULT$
2008-08-23 16:52:23 ----ASH---- C:\WINDOWS\system32\fdhgwfge.tmp
2008-08-23 16:33:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-23 16:31:04 ----D---- C:\Program Files\AVG
2008-08-23 16:30:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-23 15:12:01 ----A---- C:\WINDOWS\system32\jmwnw64r.exe
2008-08-23 15:08:18 ----ASH---- C:\WINDOWS\system32\fdhgwfge.ini
2008-08-23 15:07:30 ----A---- C:\WINDOWS\system32\07c5cfd2-.txt
2008-08-23 15:02:00 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-08-23 14:58:52 ----A---- C:\WINDOWS\system32\dwwnw64r.exe
2008-08-23 14:58:46 ----SHD---- C:\WINDOWS\RHVzdGlu
2008-08-23 14:58:43 ----A---- C:\WINDOWS\system32\abdvqjslauycqx.exe
2008-08-23 14:58:24 ----D---- C:\WINDOWS\system32\jr
2008-08-23 14:58:24 ----D---- C:\WINDOWS\system32\drive2
2008-08-23 14:58:24 ----D---- C:\WINDOWS\system32\Cusp
2008-08-23 14:58:23 ----D---- C:\WINDOWS\system32\spol
2008-08-23 14:58:21 ----A---- C:\328.bat
2008-08-23 14:58:14 ----D---- C:\WINDOWS\system32\eMaxt02
2008-08-23 14:58:14 ----D---- C:\Temp
2008-08-14 19:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 19:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 19:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 19:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 19:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 19:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 19:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-09 17:26:23 ----D---- C:\Program Files\LimeWire
2008-08-07 19:19:46 ----D---- C:\Program Files\Countrywide
2008-08-07 19:15:37 ----RSD---- C:\WINDOWS\assembly
2008-08-07 19:15:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-07 19:15:32 ----D---- C:\WINDOWS\system32\URTTemp
2008-07-29 21:00:25 ----D---- C:\Program Files\Full Tilt Poker.Net
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\java.exe
2008-07-09 18:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-28 13:53:30 ----D---- C:\Documents and Settings\Dustin\Application Data\ieSpell
2008-06-28 13:48:58 ----D---- C:\Program Files\ieSpell
2008-06-27 22:17:18 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-06-19 18:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-12 19:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-12 19:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-12 19:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 19:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-23 9855]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2002-02-16 18487]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-07-09 78225]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-07-09 1174192]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2002-07-09 159236]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-02-16 238109]
R3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver; C:\WINDOWS\System32\DRIVERS\i2220ntx.sys [2004-01-05 117248]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\DRIVERS\SonyNC.sys [2001-08-17 20752]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2001-08-17 37040]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxgc.sys [2002-07-19 202880]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-09 601488]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\CBTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver; C:\WINDOWS\System32\DRIVERS\Express.sys [2002-03-14 57984]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

List of services

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536]
S4 VAIOMediaPlatform-MusicServer-AppServer;VAIO Media Music Server (Application); C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe [2002-07-24 372806]
S4 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe [2002-07-19 45056]
S4 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2002-07-24 581632]
S4 VAIOMediaPlatform-PhotoServer-AppServer;VAIO Media Photo Server (Application); C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe [2002-07-17 462848]
S4 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe [2002-07-19 45056]
S4 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2002-07-24 581632]

-----------------EOF-----------------

________________________________________________________________________________

info.txt logfile of random's system information tool 2008-09-02 19:43:25

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adv06Setup-->MsiExec.exe /I{F6BB0D1C-672C-4E84-BD36-1760DA0131E6}
AMBIT Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8773FC58-B051-47CE-A75F-2347ECCA6CB6}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DVgate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Enhancement Browser Tools Agadoo-->C:\WINDOWS\system32\nrrzbeqvcylnui.exe
Enhancement Browser Tools Radbanner-->C:\WINDOWS\system32\abdvqjslauycqx.exe
Experience Vaio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DEBFF81-BE8D-4DA3-A444-8B48FD0AC93D}\setup.exe"
Full Tilt Poker.Net-->"C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}\setup.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
ImageStation Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72275927-4241-46A7-A9C4-B86C6B256EB6}\setup.exe"
ImageStation Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500CE39A-DC17-44EE-8EAD-E0416B16F0BC}\setup.exe"
Intel® 830M Chipset Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jog Dial Navigator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E36C4A4A-FE71-4E08-AE2E-D820FEDE40CA}\setup.exe"
LimeWire 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Motion JPEG Software Decoder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
MovieShaker 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\urntbhmsxx.dll-uninst.exe
Network Smart Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe"
OpenMG Secure Module 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\Setup.exe" -l0x9 UNINSTALL
PictureGear Studio 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62100}\Setup.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\setup.exe"
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5-->C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoftK56 Data Fax-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_8100104D\uninst.exe -U -IVEN_8086&DEV_2486&SUBSYS_8100104D
SonicStage 1.5.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sony Notebook Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe"
Sony on Yahoo! Essentials-->C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe"
Support Actions WinXP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VAIO Brezza Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACEC9C3E-0100-4EBE-B298-35A2145828A0}\setup.exe"
VAIO Grid Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
VAIO Media 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Installer 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1A8479-D871-4573-AA8C-90BF0338B242}\setup.exe"
VAIO Media Platform 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AA14D661-8B7A-4A8F-B093-405C160178AF}
VAIO Serenus Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802EF464-4992-42B3-8434-45151AD3C933}\setup.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Security center information

AV: AVG Anti-Virus Free

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
  • 0

#8
Ltangelic


    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey duscarter,

Looks like there are some infections in there, we'll need to run some tools.

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

1) Uninstall Programs

Please go to Add or Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.1
Java™ 6 Update 4
Java™ 6 Update 5
LimeWire 4.14.8 <-- This is a P2P program that can compromise your computer security, it's recommended for you to remove it. Please have a look here and decide if you want to remove it.

Reboot your computer.

2) Fix with HijackThis

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [{60-0B-B0-03-DW}] C:\windows\system32\dwwnw64r.exe DWram03
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

3) Run Registry Fix

Please open notepad, and copy/paste the following text (including REGEDIT4) into the notepad window:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

  • Save the file above as fixit.reg on your desktop.
  • Double click on it. A window will open and prompt you if you want to merge it with the registry, click "Yes".
  • Another window will pop up informing you the merge was successful.

4) Run OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\windows\system32\dwwnw64r.exe
    C:\WINDOWS\system32\g52.exe
    C:\WINDOWS\005266_.tmp
    C:\WINDOWS\system32\nrrzbeqvcylnui.exe
    C:\WINDOWS\system32\urntbhmsxx.dll-uninst.exe
    C:\WINDOWS\system32\fdhgwfge.tmp
    C:\WINDOWS\system32\jmwnw64r.exe
    C:\WINDOWS\system32\fdhgwfge.ini
    C:\WINDOWS\system32\07c5cfd2-.txt
    C:\WINDOWS\system32\dwwnw64r.exe
    C:\WINDOWS\RHVzdGlu
    C:\WINDOWS\system32\abdvqjslauycqx.exe
    C:\WINDOWS\system32\jr
    C:\WINDOWS\system32\drive2
    C:\WINDOWS\system32\Cusp
    C:\WINDOWS\system32\spol
    C:\328.bat
    C:\WINDOWS\system32\eMaxt02
    C:\Program Files\LimeWire
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

5) Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next reply (please include):

Note: Please post ONE log in each post

Fresh HijackThis log
OTMoveIt2 log
MBAM scan log

  • 0

#9
duscarter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
LT,

Thank you for your time. I followed your steps. In step 2, O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe was not removed, because it wasn't there.

Fresh HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:22 PM, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://ive.cwinside...ava ScriptX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198895456376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198895436357
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countr...files/msrdp.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5683 bytes
  • 0

#10
duscarter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Malwarebytes:

Malwarebytes' Anti-Malware 1.26
Database version: 1113
Windows 5.1.2600 Service Pack 3

9/4/2008 5:57:25 PM
mbam-log-2008-09-04 (17-57-25).txt

Scan type: Quick Scan
Objects scanned: 40211
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\radbanner (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0



#11
duscarter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTMoveIt Log:

Explorer killed successfully
C:\windows\system32\dwwnw64r.exe moved successfully.
C:\WINDOWS\system32\g52.exe moved successfully.
C:\WINDOWS\005266_.tmp moved successfully.
C:\WINDOWS\system32\nrrzbeqvcylnui.exe moved successfully.
C:\WINDOWS\system32\urntbhmsxx.dll-uninst.exe moved successfully.
C:\WINDOWS\system32\fdhgwfge.tmp moved successfully.
C:\WINDOWS\system32\jmwnw64r.exe moved successfully.
C:\WINDOWS\system32\fdhgwfge.ini moved successfully.
C:\WINDOWS\system32\07c5cfd2-.txt moved successfully.
File/Folder C:\WINDOWS\system32\dwwnw64r.exe not found.
C:\WINDOWS\RHVzdGlu moved successfully.
C:\WINDOWS\system32\abdvqjslauycqx.exe moved successfully.
C:\WINDOWS\system32\jr moved successfully.
C:\WINDOWS\system32\drive2 moved successfully.
C:\WINDOWS\system32\Cusp moved successfully.
C:\WINDOWS\system32\spol moved successfully.
C:\328.bat moved successfully.
C:\WINDOWS\system32\eMaxt02 moved successfully.
C:\Program Files\LimeWire\Incomplete moved successfully.
C:\Program Files\LimeWire moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69D1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69DC.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09042008_173959

Files moved on Reboot...
File C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69D1.tmp not found!
File C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69DC.tmp not found!
  • 0
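Added example (not part of the original thread, and not code from OTMoveIt2 or its author): a Python check that reconciles the paste list from post #8 against the OTMoveIt2 log in post #11, so every requested path is accounted for. The function and report-key names are this example's own, the embedded data is a shortened excerpt of the two lists above, and the line patterns are assumed from the log as it was posted here.

```python
import re

# Shortened excerpt of the paste list (post #8) and the log (post #11).
REQUESTED = r"""
[kill explorer]
C:\windows\system32\dwwnw64r.exe
C:\WINDOWS\system32\g52.exe
C:\WINDOWS\system32\nrrzbeqvcylnui.exe
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\abdvqjslauycqx.exe
C:\Program Files\LimeWire
purity
emptytemp
[start explorer]
"""

LOG = r"""
Explorer killed successfully
C:\windows\system32\dwwnw64r.exe moved successfully.
C:\WINDOWS\system32\g52.exe moved successfully.
C:\WINDOWS\system32\nrrzbeqvcylnui.exe moved successfully.
File/Folder C:\WINDOWS\system32\dwwnw64r.exe not found.
C:\WINDOWS\system32\abdvqjslauycqx.exe moved successfully.
C:\Program Files\LimeWire\Incomplete moved successfully.
C:\Program Files\LimeWire moved successfully.
File delete failed. C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69D1.tmp scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully
Files moved on Reboot...
File C:\DOCUME~1\Dustin\LOCALS~1\Temp\~DF69D1.tmp not found!
"""

# Line shapes as they appear in the log posted in this thread (assumed stable).
PATTERNS = (
    ("moved", re.compile(r"^(?P<p>[A-Za-z]:\\.+?) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (?P<p>[A-Za-z]:\\.+?) not found\.$")),
    ("pending", re.compile(
        r"^File delete failed\. (?P<p>[A-Za-z]:\\.+?) scheduled to be deleted on reboot\.$")),
    ("gone", re.compile(r"^File (?P<p>[A-Za-z]:\\.+?) not found!$")),
)
REPORT_KEYS = ("moved", "explained_not_found", "missing", "unaccounted",
               "child_of_requested", "unexpected_moved",
               "pending_reboot", "gone_at_reboot")


def key(path):
    """Windows paths are case-insensitive, so compare on a folded form."""
    return path.strip().rstrip("\\").lower()


def parse_log(text):
    """Return (status, path) events in log order; other lines are ignored."""
    events = []
    for line in text.splitlines():
        for status, rx in PATTERNS:
            m = rx.match(line.strip())
            if m:
                events.append((status, m.group("p")))
                break
    return events


def reconcile(requested_text, log_text):
    """Account for every requested path and every path the log reports."""
    requested = {}
    for line in requested_text.splitlines():
        if re.match(r"^[A-Za-z]:\\", line.strip()):  # skip [kill explorer], purity, ...
            requested.setdefault(key(line), line.strip())
    report = {name: [] for name in REPORT_KEYS}
    moved_keys, missing_keys = set(), set()
    for status, path in parse_log(log_text):
        k = key(path)
        if status == "moved":
            moved_keys.add(k)
            if k in requested:
                report["moved"].append(path)
            elif any(k.startswith(r + "\\") for r in requested):
                report["child_of_requested"].append(path)   # content of a listed folder
            else:
                report["unexpected_moved"].append(path)      # never asked for: review
        elif status == "not_found":
            if k in moved_keys:
                report["explained_not_found"].append(path)   # duplicate list entry
            else:
                missing_keys.add(k)
                report["missing"].append(path)               # absent before the run
        elif status == "pending":
            report["pending_reboot"].append(path)
        else:
            report["gone_at_reboot"].append(path)
    report["unaccounted"] = [p for k, p in requested.items()
                             if k not in moved_keys and k not in missing_keys]
    return report


if __name__ == "__main__":
    for name, paths in reconcile(REQUESTED, LOG).items():
        print(f"{name}: {paths}")
```

On the thread's data the single "not found" line is explained rather than missing: dwwnw64r.exe appears twice in the paste list with different casing, and the first entry had already moved it.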

#12
Ltangelic


    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey duscarter,

Your logs look much better, let's run more scans to make sure it's clean. :)

1) Run Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also, please get me a new RSIT log.

Next reply (please include):

Note: Please post ONE log in each post

RSIT logs
Kaspersky scan log

Edited by Ltangelic, 05 September 2008 - 09:26 AM.

  • 0

#13
duscarter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
LT,

Kaspersky must have changed its format, so I couldn't follow directions exactly. A full scan was run, but it did not give me the option of saving as text. I hope this works:

Friday, September 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 05, 2008 21:31:29
Records in database: 1195455


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
F:\

Scan statistics
Files scanned 44402
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 01:43:37

File name Threat name Threats count
C:\_OTMoveIt\MovedFiles\09042008_173959\windows\system32\g52.exe Infected: Trojan-Clicker.Win32.Agent.bso 1

The selected area was scanned. :)

Edited by duscarter, 05 September 2008 - 08:38 PM.

  • 0

#14
duscarter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Log:

Logfile of random's system information tool (written by random/random)
Run by Dustin at 2008-09-05 22:32:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (50%) free of 16 GB
Total RAM: 254 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:26 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dustin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Documents and Settings\Dustin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dustin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dustin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://ive.cwinside...ava ScriptX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198895456376
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198895436357
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countr...files/msrdp.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 5931 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2002-02-28 114688]
"JOGSERV2.EXE"=C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe [2002-07-23 172032]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2002-06-21 417792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe [2002-08-07 146432]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-07-03 40960]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-02 1235736]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Dustin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VAIOMediaPlatform-PhotoServer-UPnP"=2
"VAIOMediaPlatform-PhotoServer-HTTP"=2
"VAIOMediaPlatform-PhotoServer-AppServer"=2
"VAIOMediaPlatform-MusicServer-UPnP"=2
"VAIOMediaPlatform-MusicServer-HTTP"=2
"VAIOMediaPlatform-MusicServer-AppServer"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-01-30 286720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-05 22:32:54 ----D---- C:\rsit
2008-09-04 17:39:59 ----D---- C:\_OTMoveIt
2008-08-25 23:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-25 18:28:00 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-24 16:09:41 ----D---- C:\WINDOWS\Prefetch
2008-08-24 16:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-24 16:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-24 16:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-24 16:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-24 16:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-24 16:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-24 16:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-24 16:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-24 16:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-24 16:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-24 15:49:28 ----D---- C:\WINDOWS\system32\scripting
2008-08-24 15:49:21 ----D---- C:\WINDOWS\l2schemas
2008-08-24 15:49:15 ----D---- C:\WINDOWS\system32\en
2008-08-24 14:58:49 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-24 14:58:41 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-24 14:58:38 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-24 14:58:37 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-24 14:58:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-24 14:58:22 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-24 14:57:49 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-24 14:57:42 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-24 14:57:39 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-24 14:57:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-24 14:57:35 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-24 14:57:31 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-24 14:57:25 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-24 14:57:06 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-24 14:57:05 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-24 14:57:05 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-24 14:57:03 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-24 14:57:03 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-24 14:56:58 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-24 14:56:58 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-24 14:56:28 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-24 14:56:28 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-24 14:56:27 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-24 14:56:26 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-24 14:56:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-24 14:55:49 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-24 14:55:48 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-24 14:55:47 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-24 14:54:54 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-24 14:54:53 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-24 14:54:46 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-24 14:54:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-24 14:54:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-24 14:54:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-24 14:54:32 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-24 14:54:20 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-24 14:54:19 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-24 14:53:57 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-24 00:26:30 ----D---- C:\Documents and Settings\Dustin\Application Data\Malwarebytes
2008-08-24 00:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 00:25:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 00:24:42 ----D---- C:\Program Files\Common Files\Download Manager
2008-08-23 16:56:22 ----HD---- C:\$AVG8.VAULT$
2008-08-23 16:33:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-08-23 16:31:04 ----D---- C:\Program Files\AVG
2008-08-23 16:30:57 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-23 15:02:00 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-08-23 14:58:14 ----D---- C:\Temp
2008-08-14 19:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 19:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 19:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 19:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 19:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 19:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 19:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-07 19:19:46 ----D---- C:\Program Files\Countrywide
2008-08-07 19:15:37 ----RSD---- C:\WINDOWS\assembly
2008-08-07 19:15:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-07 19:15:32 ----D---- C:\WINDOWS\system32\URTTemp
2008-07-29 21:00:25 ----D---- C:\Program Files\Full Tilt Poker.Net
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-28 18:43:00 ----A---- C:\WINDOWS\system32\java.exe
2008-07-09 18:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-28 13:53:30 ----D---- C:\Documents and Settings\Dustin\Application Data\ieSpell
2008-06-28 13:48:58 ----D---- C:\Program Files\ieSpell
2008-06-27 22:17:18 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-06-19 18:05:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-12 19:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-12 19:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-12 19:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 19:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$

List of drivers

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-23 9855]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2002-02-16 18487]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-07-09 78225]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-07-09 1174192]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2002-07-09 159236]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-02-16 238109]
R3 IPN2220;Wireless-G Notebook Adapter ver.4.0 Driver; C:\WINDOWS\System32\DRIVERS\i2220ntx.sys [2004-01-05 117248]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\DRIVERS\SonyNC.sys [2001-08-17 20752]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2001-08-17 37040]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxgc.sys [2002-07-19 202880]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-09 601488]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\CBTNDIS5.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver; C:\WINDOWS\System32\DRIVERS\Express.sys [2002-03-14 57984]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\WINDOWS\System32\DRIVERS\odysseyIM4.sys [2005-05-18 173056]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

List of services

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536]
S4 VAIOMediaPlatform-MusicServer-AppServer;VAIO Media Music Server (Application); C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe [2002-07-24 372806]
S4 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe [2002-07-19 45056]
S4 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2002-07-24 581632]
S4 VAIOMediaPlatform-PhotoServer-AppServer;VAIO Media Photo Server (Application); C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe [2002-07-17 462848]
S4 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe [2002-07-19 45056]
S4 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP); C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe [2002-07-24 581632]

-----------------EOF-----------------

#15
duscarter

  • Topic Starter
  • Member
  • 48 posts
Info:

info.txt logfile of random's system information tool 2008-09-05 22:33:31

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adv06Setup-->MsiExec.exe /I{F6BB0D1C-672C-4E84-BD36-1760DA0131E6}
AMBIT Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8773FC58-B051-47CE-A75F-2347ECCA6CB6}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DVgate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29F61465-428A-11D4-B646-00C04F790F76}\setup.exe"
Experience Vaio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DEBFF81-BE8D-4DA3-A444-8B48FD0AC93D}\setup.exe"
Full Tilt Poker.Net-->"C:\Program Files\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B36C3DFD-BAB0-4513-BD27-FA4906A738FD}\setup.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
ImageStation Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72275927-4241-46A7-A9C4-B86C6B256EB6}\setup.exe"
ImageStation Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500CE39A-DC17-44EE-8EAD-E0416B16F0BC}\setup.exe"
Intel® 830M Chipset Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jog Dial Navigator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E36C4A4A-FE71-4E08-AE2E-D820FEDE40CA}\setup.exe"
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Motion JPEG Software Decoder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sony\Motion JPEG Software Decoder\Uninst.isu"
MovieShaker 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4A49B00-02F8-11D5-B64D-00C04F790F76}\setup.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\urntbhmsxx.dll-uninst.exe
Network Smart Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30642CE1-217B-40C0-92E2-6BF849599D9E}\setup.exe"
OpenMG Secure Module 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\Setup.exe" -l0x9 UNINSTALL
PictureGear Studio 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27C5164D-ED0E-4D64-B788-93305BD62100}\Setup.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerPanel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\setup.exe"
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5-->C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoftK56 Data Fax-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_8100104D\uninst.exe -U -IVEN_8086&DEV_2486&SUBSYS_8100104D
SonicStage 1.5.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony DV Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sony Notebook Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe"
Sony on Yahoo! Essentials-->C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe"
Support Actions WinXP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48BE827A-2D06-4804-90C3-4F2F8460F9D4}\setup.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VAIO Brezza Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACEC9C3E-0100-4EBE-B298-35A2145828A0}\setup.exe"
VAIO Grid Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21CF3E6E-1659-433E-B6CE-165D793560DA}\setup.exe"
VAIO Media 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Installer 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Media Music Server 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF733005-0F40-11D6-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
VAIO Media Photo Server 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1A8479-D871-4573-AA8C-90BF0338B242}\setup.exe"
VAIO Media Platform 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF0DD6E9-F673-4466-8353-70B50A506FD9}\setup.exe"
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AA14D661-8B7A-4A8F-B093-405C160178AF}
VAIO Serenus Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802EF464-4992-42B3-8434-45151AD3C933}\setup.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Security center information

AV: AVG Anti-Virus Free

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------